Qualität & Informatik, Dr. E. Wallmüller
Software Risk Management – Better Chances for Project Success
Copyright © QUALITÄT & INFORMATIK
Zurich, Munich, Vienna
www.itq.ch
Agenda
• Trend and examples
• Best practices
• Methodical considerations
• Tools
• Hints for implementation
Living with Risks ...
Challenges:
• New Business Models, e.g. eBay, Amazon, …
• Global Processes and Systems, e.g. NOKIA
• New Information Needs, e.g. Transparency in Value Generation
But mindset: "The Titanic is unsinkable." (Capt. E. J. Smith)
Too little attitude: "First count, then risk." (von Moltke)
CH Study: „IT Costs and Performance 2002“ (Ploner)
What are the Reasons? CH Study: „IT Costs and Performance 2002“ (Ploner)
Trend
• KonTraG Law in Germany
-- Risk management system / indicator control system
-- Project failures are operational risks
• Maturity Models with risk management process areas
-- CMMI
-- SPICE
• Certification based on BS7799-2 (Information Security System)
• Conferences on risk management
Project Management Shared Experiences Workshop, CECockrell, 08/23/99
Risk Spider Chart (Essential Program Elements)
[Figure: spider chart. Axes: Risk Management Approach, Communication, Requirement Definition, Planning, Level of Technology Readiness, Experience Level of Team, Design to Cost, Visibility of Project Activities, Team Operation.]
[Figure: four spider charts, each with the axes Risk, Communication, Requirements, Planning, TRL, Experience, Cost, Visibility, Team. Panel titles: Low Risk Profile; High Risk Profile; Low Risk/Single Weakness; High Risk/Multiple Strengths & Weaknesses.]
CRM Training
• Began CRM Training Program in 1997
• 42 Certified CRM Instructors NASA-wide
• 2316 students trained
• NPG 8000.4 Approved April 2002
• NPG 7120.5 B reviewed, updated and pending release
• Updated existing training products to be consistent with NIAT and NPG's
How has Risk Management been lived by Management?
Washington:
- NASA boss Sean O'Keefe will renew the culture of the agency.
- The final report says: missing risk awareness and lacking moral courage of employees
NASA drew consequences from the Columbia disaster: manager fired!
7 crew members died on February 1st, 2003
Critical Success Project Factors
Project wins ..
• Vision, Contract
• Executive Sponsor
• Team work, Cooperation
• Priorities, Decision
• Goal and Risk Controlling
• Responsibilities, Project Organisation
What we want to achieve ...
o Better understanding and careful handling of risks and issues
o Questioning the assumptions and restrictions on which project planning is based
o Better control of the project
o Basis for quality management and assurance
- Definition: Risk is the possibility of suffering loss.
- Risk in itself is not bad;
- risk is essential to progress;
- failure is often a key part of learning.
Examples of Known Processes
• Barry Boehm (1989)
• Kontio (1997)
• CRM and TRM of SEI
• PMI
• ...
Continuous Risk Management (CRM)
Principles:
- Global perspective
- Forward-looking view
- Open communications
- Integrated management
- Continuous process
- Shared product vision
- Teamwork
Continuous Risk Management … (SEI, www.sei.cmu.edu/programs/sepm/risk/)
Function: Description
Identify: Search for and locate risks before they become problems.
Track: Monitor risk indicators and mitigation actions.
Analyze: Transform risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and prioritize risks.
Plan: Translate risk information into decisions and mitigating actions (both present and future) and implement those actions.
Control: Correct for deviations from the risk mitigation plans.
Communicate: Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks.
Note: Communication happens throughout all the functions of risk management.
Candidates for Project Risk Management
• Project Risk Manager as a Central Function
• IT Controller
• Internal Audit function
• Project Office
• Project Manager as a Risk Manager
• External Project Risk Manager
Risk Identification
Identification of non-fictional and manageable risks with impact on:
- Costs
- Schedule
- Scope
- Technical Performance
- Contract
- Expectations of Client
Procedure:
- Workshop with brainstorming
- Workshop with questionnaire and checklist
Risk Area Checklist V2.1
Schedule/Implement
- Time frame
- Geography
- Location
- Real Schedule vs. Bid Schedule
Technical
- Requirements
- Prototypes
- Tools
- Functionality
- Technical Performance
- Available and Future Technologies
- Architectures
- Integration
- Support Service (Training, Rollout, Installation)
- Baseline Management
- Unproven Hardware
Subcontractors
- Statement of Work
- Price
- Terms & Condition
- Resources/Experiences
- Subcontractor Management
- Quality Control
- Invoicing
- Alternate Sources
Contract
- Change Control Process
- Terms & Condition/Payment Plan
- Acceptance Criteria
- Statement of Work/Deliverables
Resources
- Bid/Proposal Resources
- Skills/Qualification/Capabilities
- Implementation Resources
- Facilities (e.g. Space, Equipment)
- Logistics
Innovation Projects
- Market Knowledge
- Transformation Client Needs
- Speed Idea => Product
- Changes of Requirements
- Team
- Management Support/Commitment
- Number of Projects in Parallel
Software Development Risk Taxonomy (SEI Questionnaire)
Top Software Risks I
• Personnel Shortfall: staffing with appropriate personnel, job matching, team building, securing key personnel agreements, cross-training, rescheduling key people, subcontracting
• Unrealistic schedule and budget: detailed multi-source cost and schedule estimation, designing to cost, incremental development, software reuse, requirement scrubbing, renegotiation with client
• Developing the wrong software functions: organisation analysis, mission analysis, ops-concept formulation, user surveys, prototyping, early user manual development, development of and agreement to acceptance criteria
• Developing the wrong user interface: prototyping, operational scenarios, task analysis, user characterisation (functionality, style, workload)
W.B. Boehm
Top Software Risks II
• Gold Plating: requirement scrubbing, prototyping, cost benefit analysis, designing to cost
• Continuing stream of requirement changes: high change threshold, information hiding, incremental development, deferral of changes to later increment, tight change control, agreement to acceptance criteria
• Shortfalls in externally furnished components (Procured software): benchmarking, inspection, reference checking, compatibility analysis
• Shortfalls in externally performed tasks (Subcontractors): reference checking, preaward audits, award-fee contracts, competitive design or prototyping, team building
• Straining Computer Science Capabilities: technical analysis, cost-benefit analysis, prototyping, reference checking, performance analysis, sizing analysis
W.B. Boehm
A Good Risk Statement …
For example:
The commercial off-the-shelf (COTS) high-speed data link selected by the project team was never envisioned by the vendor to be used in a hardened environment; it may not perform as needed, causing rework and integration slips.
How to describe Risks?
Possible Risk Strategies
• Can I avoid the risk?
• Can I reduce the risk impact or can I reduce the risk probability?
• Can I limit the risk? (Contingency)
• Can I transfer the risk?
• Can I accept the risk?
Risk Reduction Staircase
Reporting with Risk Information ...
• Specific Risks
• Actions
[Figure: project status report. Panels: Project Information (Project, Manager, Goals, Reporting Date); Project Status (Time, Costs, Quality); Cost Trend (Development Costs in CHF by Reporting Date); Risk Mapping (Significance vs. Likelihood); Milestone Trend (by Reporting Date).]
Example Monthly Status Report
Costs & Benefit
– 0.25 % of Project Costs
– Start with risk workshop
– 1 or 2 days per month
– Reduction of Deviations
– High Transparency
– Reduction of Rework
– Avoidance of Disasters
Summary
Key Elements
• Start early
• Iterative Process during Life Cycle
• Find and look for Chances
• Responsibility (Process, for each risk)
• Work Break Down Structure (WBS) as a good source for risk identification
• Monitor and track risks and measures
• Involve the whole project team
• Develop Risk Awareness
Questions
Ernest Wallmüller
CEO, Senior Consultant
Phone 0041 1 748 52 56
Mobile 0041 79 402 44 [email protected]
Qualität & Informatik
Haslernstr. 14
CH-8954 Geroldswil
Many thanks for your attention!
WEB Links for Risk Management
Qualität & Informatik - Links/RM www.itq.ch/links/
Risk Net www.risknet.de
SEI-RM Overview www.sei.cmu.edu/programs/sepm/risk/
www.dacs.dtic.mil
NASA RM smo.gsfc.nasa.gov
Risk Management Resources www.processimprovement.com
Tool Risk Radar www.iceincusa.com
Tool CARISMA www.sbi-ag.ch
Literature
Boehm B.: Software Risk Management, IEEE, 1989
Charette R. N.: Software Engineering Risk Analysis and Management, McGraw-Hill, 1989
Gaulke M.: Risikomanagement von IT-Projekten, Oldenbourg, 2002
Hall E.: Managing Risk, Addison Wesley, 1998
Kendrick T.: Identifying and Managing Project Risk, AMACOM, 2003
Kerzner H.: In Search of Excellence in Project Management, Van Nostrand Reinhold, 1998
Phillips D.: The Software Project Manager’s Handbook, IEEE, 1998
Schnorrenberg U.: Risikomanagement in Projekten, Vieweg, 1997
SEI: Continuous Risk Management Guidebook, 1996
DeMarco T., Lister T.: Bärentango, Hanser, 2003
Wallmüller E.: Ganzheitliches Qualitätsmanagement in der Informationsverarbeitung, Hanser, 2001
Wallmüller E.: Software-Risikomanagement - Leitfaden für die Implementierung, Hanser, to appear 2004