Applied software risk management : a guide for software project managers

Title:

Personal Author:

Pandian, C. Ravindranath

Publication Information:

Boca Raton, FL : Auerbach/Taylor & Francis, 2007

ISBN:

9780849305245

Subject Term:

Computer software -- Development -- Management

Risk management

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010132689	QA76.76.D47 P364 2007	Open Access Book	Book	Searching... Unknown
Searching... PSZ KL	30000010196979	QA76.76.D47 P364 2007	Open Access Book	Book	Searching... Unknown

Few software projects are completed on time, on budget, and to their original specifications. Focusing on what practitioners need to know about risk in the pursuit of delivering software projects, Applied Software Risk Management: A Guide for Software Project Managers covers key components of the risk management process and the software development process, as well as best practices for software risk identification, risk planning, and risk analysis.

Written in a clear and concise manner, this resource presents concepts and practical insight into managing risk. It first covers risk-driven project management, risk management processes, risk attributes, risk identification, and risk analysis. The book continues by examining responses to risk, the tracking and modeling of risks, intelligence gathering, and integrated risk management. It concludes with details on drafting and implementing procedures. A diary of a risk manager provides insight in implementing risk management processes.

Bringing together concepts across software engineering with a project management perspective, Applied Software Risk Management: A Guide for Software Project Managers presents a rigorous, scientific method for identifying, analyzing, and resolving risk.

Author Notes

Pandian\, C. Ravindranath

1 Risk Culture	p. 1
1.1 Risk Thinking	p. 1
1.2 What Is Risk?	p. 2
1.3 A Boundary Problem	p. 3
1.4 Expressing Risk: The Basic Terms	p. 6
1.4.1 Additional Terms	p. 6
1.5 Risk Vocabulary	p. 6
1.6 Risk-Driven Project Management	p. 7
1.6.1 Project Visibility	p. 7
1.6.2 Goal Setting	p. 7
1.6.3 Product Development	p. 7
1.6.4 Development	p. 8
1.6.5 Maintenance	p. 9
1.6.6 Supply Chain	p. 9
1.7 Controlling the Process, Environment, and Risk	p. 10
1.7.1 Process Management and Risk Management	p. 10
1.7.2 SPC and Risk	p. 10
1.7.3 Five S and Risk	p. 10
1.7.4 Defect Prevention and Risk Management	p. 11
1.8 Maturity in Risk Culture	p. 11
1.9 Risk Scale	p. 13
1.9.1 Case Study	p. 14
1.9.1.1 Background Data	p. 14
1.9.1.2 Comments	p. 14
1.9.1.3 What Do We Learn from This Example?	p. 15
1.10 Preparing for Risk	p. 15
1.10.1 People	p. 15
1.10.2 Communication	p. 16
1.10.3 Body of Knowledge	p. 16
1.10.4 Metrics	p. 16
1.10.5 Estimation Models	p. 17
1.10.6 Detailed Planning	p. 17
1.10.7 Effective Defect Management	p. 17
2 Risk Management Process	p. 19
2.1 What Is Risk Management?	p. 19
2.1.1 Risk or Opportunity?	p. 20
2.2 Risk Management Paradigms	p. 21
2.3 Is There a Process?	p. 23
2.4 In Real Life	p. 23
2.5 Five Models for Risk Management	p. 24
2.5.1 The Core Models	p. 24
2.5.2 Superstructure Models	p. 24
2.5.3 Application of the Models	p. 24
2.6 Model 1: The Organic Risk Management Process	p. 25
2.6.1 An Analogy	p. 25
2.6.2 Comments	p. 26
2.7 Model 2: Goal Selection	p. 26
2.8 Thinking about Less Risky Alternatives	p. 27
2.8.1 Category 1 Risk-Informed Project Objectives	p. 27
2.8.2 Category 2 Risk-Informed Product Goals	p. 27
2.8.3 Category 3 Risk-Informed Requirement Management	p. 27
2.8.4 Category 4 Risk-Informed Milestone. Design	p. 28
2.8.5 Category 5 Risk-Informed WBS	p. 28
2.9 Model 3: Minimum Risk Management	p. 28
2.9.1 Creating Risk Awareness Is Risk Management	p. 29
2.10 Model 4: Medium-Scale Risk Management	p. 29
2.10.1 Risk Management Is Acting upon Risk Awareness	p. 31
2.11 Model 5: IAMT Cycle	p. 31
2.12 Model 6: Full-Scale Risk Management	p. 31
2.12.1 Initiative 1	p. 33
2.12.2 Initiative 2	p. 33
2.12.3 Initiative 3	p. 33
2.13 Risk Management at Different Levels	p. 33
2.13.1 The Mixup	p. 35
2.13.2 External Risks and Layers	p. 35
2.13.3 Can We Manage Subprocess Risks?	p. 35
2.13.4 Project-Level Risk Management	p. 36
2.13.5 Program-Level Risk Management	p. 36
2.13.6 SBU-Level Risk Management	p. 36
2.13.7 Enterprise Risk Management	p. 36
2.14 Risk Escalation	p. 37
2.14.1 Risk Elevation	p. 37
2.14.2 Troubleshooting Move	p. 37
2.14.3 Lack of Cooperation	p. 38
3 Risk Attributes	p. 41
3.1 Risk Classification	p. 41
3.2 Risk Attributes	p. 41
3.3 Risk Origin	p. 44
3.3.1 Internal Risks	p. 44
3.3.2 External Risks	p. 44
3.3.3 Drawing the Boundary Line between Internal and External	p. 44
3.3.4 Break Boundaries Within	p. 45
3.3.5 External Risks: A Class Apart	p. 45
3.3.6 Vendor Risks	p. 46
3.4 Screening the Risks	p. 46
3.4.1 Hazard Risks	p. 46
3.4.2 Constraint Risks	p. 47
3.4.3 Nominal Risks	p. 47
3.4.4 Trivial Risks	p. 47
3.5 Three P's	p. 47
3.5.1 Project Risks	p. 48
3.5.2 Process Risks	p. 49
3.5.3 Product Risks	p. 49
3.6 Risk Severity	p. 50
3.7 SEI Risk Taxonomy	p. 51
3.8 Risk Levels	p. 52
3.9 Time Element	p. 52
3.10 Affected Process Areas	p. 54
3.11 Affected Key Result Areas (KRA)	p. 54
3.12 Affected Goals	p. 54
3.13 Affected Requirements	p. 54
3.14 Risk Name	p. 54
3.15 Who Will Assign the Attributes?	p. 55
3.15.1 Extension of Attributes	p. 55
3.15.2 Risk Record Structure	p. 55
3.15.3 Risk Classification Is Risk Measurement	p. 56
4 Risk Identification	p. 57
4.1 The Meaning of Risk Identification	p. 57
4.2 Risk Identification Methods	p. 58
4.2.1 Type I: Intuitive Methods	p. 59
4.2.1.1 Mind Mapping	p. 59
4.2.1.2 Brainstorming	p. 60
4.2.1.3 Out-of-the-Box Thinking	p. 60
4.2.1.4 Analogy	p. 61
4.2.2 Type I: History-Based Methods	p. 61
4.2.2.1 Top Ten Risks	p. 61
4.2.2.2 Risk Checklist	p. 63
4.2.2.3 Taxonomy-Based Questionnaire	p. 63
4.2.3 Type II: Project-Specific Risk Identification	p. 65
4.2.3.1 Phase I: Context Setting	p. 65
4.2.3.2 Phase II: Data Gathering	p. 65
4.2.3.3 Phase III: Risk Discovery	p. 67
4.2.3.4 Phase IV: Assigning Attributes	p. 69
4.2.3.5 Phase V: Validation	p. 70
4.2.3.6 Phase VI: List	p. 72
4.3 Levels in Identification	p. 72
4.3.1 Process-Level Risk Identification	p. 72
4.3.2 Project-Level Risk Identification	p. 72
4.3.3 Enterprise-Level Risk Identification	p. 72
4.4 Identifying Product Risks	p. 73
4.4.1 Distinguishing Product Risks from Process Risks	p. 73
4.4.2 Distinguishing Product Risks from Product Defects	p. 73
4.4.3 Product Risk Management versus Defect Management	p. 74
4.5 Implementing Risk Identification Processes	p. 74
5 Risk Analysis	p. 81
5.1 Scope and Purpose of Risk Analysis	p. 81
5.1.1 Bias for Action	p. 81
5.1.2 Risk Selection	p. 82
5.1.3 Types of Risk Analysis	p. 82
5.2 First-Order Analysis	p. 83
5.2.1 Analysis 1: Risk Screening	p. 83
5.2.2 Analysis 2: Quadrant Map	p. 84
5.2.3 Analysis 3: Top Ten Risks List	p. 86
5.3 Useful Risk Distribution Analysis	p. 87
5.3.1 Analysis 4: Internal-External Risk Distribution	p. 87
5.3.2 Analysis 5: Project, Product, Process Risk Distribution	p. 88
5.3.3 Analysis 6: Process Risk Signature	p. 88
5.3.4 Analysis 7: Time Analysis	p. 89
5.3.5 Analysis 8: Causal Analysis	p. 90
5.4 Seeing the Larger Picture	p. 92
5.4.1 Analysis 9: The Process Map	p. 92
5.4.2 Analysis 10: Performance Area Map	p. 93
5.5 Risk Levels and Analysis Effort	p. 93
5.6 Ownerless Risks	p. 94
5.7 Putting Together the Preliminary Analyses	p. 94
5.8 The Analysis Report	p. 94
5.9 More Analysis	p. 95
5.10 How to Implement Analysis	p. 95
6 Responding to Risk	p. 97
6.1 Getting Started 7	p. 97
6.2 Special Treatment for Catastrophic Risks	p. 98
6.2.1 Communicate Risks	p. 98
6.2.2 Find Solutions	p. 98
6.2.3 Carry People Along	p. 99
6.2.4 The Action Plan	p. 99
6.2.5 Organizational Response to Hazard	p. 100
6.2.6 Fallacy of Risk Ranks	p. 100
6.2.7 Beyond Statistics	p. 100
6.3 The Constraint Risks	p. 100
6.4 Responding to Ordinary Threats	p. 101
6.5 A Comparison of Two Levels of Response	p. 101
6.6 Risk Response Plans	p. 102
6.7 Risk Avoidance	p. 102
6.8 Risk Transfer	p. 102
6.9 Risk Acceptance	p. 103
6.10 Risk Monitoring	p. 103
6.11 Risk Mitigation	p. 103
6.11.1 The Questions	p. 104
6.11.2 A Risk Mitigation Plan Case Study	p. 105
6.12 Contingency Plans	p. 107
6.12.1 Continuous Monitoring	p. 107
6.12.2 Triggers	p. 107
6.12.3 The Onset	p. 108
6.13 Strategic Plan	p. 109
6.14 Risk Escalation	p. 109
6.15 Implementing Risk Response	p. 110
6.15.1 Suggestions	p. 112
7 Risk Tracking	p. 113
7.1 What Do We Track in Risks?	p. 113
7.2 A Moving Target	p. 113
7.3 Tracking Risk Response Plans	p. 114
7.4 Tracking the Bigger Response: Audits	p. 115
7.5 Tracking Hazard Risks	p. 116
7.6 Trigger Levels	p. 116
Case Study: How Wrong Triggers Fail Risk Management	p. 117
7.7 Tracking Project Risks	p. 118
7.7.1 Tracking until Project Ends	p. 118
7.7.2 Milestone Risk Review	p. 119
7.7.3 Performance Targets and Risks	p. 119
7.8 Tracking Operational Risks	p. 119
7.8.1 Tracking Risk Exposure	p. 119
7.8.2 Categorywise REN	p. 120
7.8.3 Risk Metric	p. 120
7.8.4 Risk Closure	p. 120
7.9 Tracking Enterprise Risks	p. 120
7.10 Learning by Tracking	p. 121
7.10.1 Tracking Improves Risk Management	p. 121
7.10.2 Surprises	p. 121
7.10.2.1 Surprise 1: No Real Risk	p. 122
7.10.2.2 Surprise 2: Other Forces in Action	p. 122
7.10.2.3 Surprise 3: True Risk Definition	p. 122
7.11 Risk Tracker Tool	p. 122
7.12 The Hardening of Risks	p. 123
7.12.1 Hardening of Business Risks	p. 123
7.12.2 Hardening of Product Risks	p. 124
7.12.3 Hardening of Process Risks	p. 125
7.12.4 Hardening of Project Risks	p. 125
7.13 Implementing Risk Tracking	p. 125
7.13.1 Suggestions	p. 125
8 Risk Models	p. 127
8.1 Why Models?	p. 127
8.1.1 Models Connect	p. 127
8.1.2 Models Enable Risk Discovery	p. 127
8.1.3 Models Integrate	p. 128
8.1.4 Models Give Visibility	p. 128
8.1.5 Types of Models	p. 129
8.2 Simple Risk Models	p. 129
8.2.1 Matrix Models	p. 129
8.2.2 Tree Models	p. 130
8.2.3 Failure Mode Effects Analysis (FMEA)	p. 132
8.2.3.1 Managing Product Risk Using FMEA	p. 134
8.2.4 Affinity Diagram	p. 137
8.2.5 Risk Line	p. 139
8.2.6 Probability Density Function (pdf)	p. 140
8.2.7 Risk Simulation	p. 142
8.3 Implementing Risk Models	p. 143
9 Risk Intelligence	p. 145
9.1 Natural Warning Systems	p. 145
9.2 Metrics Models	p. 146
9.2.1 Metrics Choice	p. 146
9.2.2 Product Risk Metrics: An Example	p. 146
9.2.3 Early Indicators	p. 147
9.2.4 Control Charts	p. 147
9.2.5 Scorecard	p. 147
9.3 Earned Value Model	p. 148
9.4 Estimation Model	p. 149
9.4.1 Using COCOMO to Study Risk	p. 149
9.5 Requirement Model	p. 151
9.5.1 Kano Model	p. 151
9.6 Critical Path Model	p. 154
9.7 WBS Model	p. 156
9.8 PERT Model of Risk	p. 157
9.8.1 Task Network Scenario A	p. 157
9.8.2 Task Network Scenario B	p. 157
9.8.3 Task Network Scenario C	p. 158
9.9 Implementing Risk Intelligence	p. 159
10 Feed Forward	p. 161
10.1 Beyond Risk-Reports	p. 161
10.2 Passing Knowledge Forward	p. 162
10.3 Risk Communication: The Critical Need	p. 163
10.4 Ten Barriers to Risk Communication	p. 164
10.5 Risk Dashboard	p. 165
10.5.1 Traffic Lights	p. 165
10.5.2 Risk Scorecard	p. 166
10.6 Analytical Views	p. 166
10.7 Use of Models	p. 167
10.8 The Tool	p. 167
10.8.1 Risk Reports	p. 169
10.9 Risk Closure Report	p. 170
10.10 Better Than SPC	p. 171
10.11 Incorporating FFL in Risk Management	p. 171
11 Integrated Risk Management	p. 173
11.1 Economy Drive	p. 173
11.1.1 A Problem	p. 173
11.1.2 The Need for an Integrated Approach	p. 173
11.1.3 Interfaces	p. 174
11.1.4 Collaboration	p. 174
11.2 The Visible and the Invisible	p. 175
11.2.1 Two Worlds	p. 175
11.2.2 Connecting Threads	p. 175
11.2.3 An Example	p. 176
11.3 The Positive and the Negative	p. 176
11.4 Program-Level Integration	p. 177
11.4.1 Artifacts for Risk Integration	p. 177
11.4.2 Decision Analysis	p. 178
11.5 Strategic Business Unit (SBU)-Level Integration	p. 178
11.6 Enterprise-Level Integration	p. 178
11.7 Integrated Plans	p. 178
11.7.1 Transfer to Other Plans	p. 179
11.8 Integrated Risk Management: An Agile Process	p. 179
11.9 How to Establish Integrated Risk Management	p. 180
12 Risk Management: Draft Procedures	p. 183
12.1 Can There Be a Procedure?	p. 183
12.1.1 Dangers of the Stereotype	p. 183
12.1.2 Procedure Is Only a Tool	p. 183
12.1.3 Risk Is a Game	p. 184
12.2 The Risk Arena	p. 184
12.3.1 Culture versus Procedure	p. 184
12.3 Symptoms of Not Having a Formal Risk Management Procedure	p. 184
12.4 The Anatomy of a Risk Management Procedure	p. 185
12.4.1 Evolution	p. 185
12.4.2 Empathetic Initiative	p. 186
12.4.3 The Layers	p. 186
12.5 For Whom?	p. 186
12.6 Implementing the Procedures	p. 187
12.7 Procedure 1: Risk Management at Project and Operations Level	p. 188
12.8 Procedure 2: Enterprise Risk Management	p. 196
Appendix A Caper Jones's Risk	p. 203
Appendix B Rex Black's Quality Risk List	p. 205
Appendix C SEI Risk Taxonomy	p. 207
Appendix D Top N Software Risks	p. 211
Appendix E PMI, Risk Management Process	p. 213
Appendix F IRM, Risk Management Standard	p. 217
Appendix G Continuous Risk Management (CRM) Paradigm	p. 219
Appendix H Barry Boehm's Risk Management Process	p. 221
Appendix I Risk Management in CMMi	p. 223
Appendix J Requirement Risk versus Measurable Quality Attributes	p. 225
Appendix K Diary of a Risk Manager	p. 227
Risk Glossary	p. 237
References	p. 239
Index	p. 243

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents