University of Sunderland CSEM04 ROSCO Unit 13

Unit 13: Risk Methods

CSEM04: Risk and Opportunities of Systems Change in Organisations

Dr Lynne Humphries & Prof. Helen M Edwards

Post on 21-Dec-2015

Overview

• The Concepts of Risk Management Methods
• Risk generic lifecycle
• Risk Methods
• Risk Techniques
• Example methods:
  – Riskit
  – SERUM
  – RAMESES

The Concepts of Risk Management Methods

• Aimed at controlling risk during a specific project.
• Project stakeholders should have input.
• Often difficult to evaluate risks quantitatively:
  – therefore need to cater for qualitative risk assessment.
• Participant communication is essential.

Risk generic lifecycle

• Risk methods have a typical lifecycle.
• Assumption that cycle is iterative.
  – Throughout a project there may be many iterations of the lifecycle.

[Figure: risk lifecycle cycle diagram. Stage labels: goal definition; risk identification; risk impact and probability evaluation; risk prioritisation; modelling risk relationships; mitigation and contingency planning; allocating & monitoring budget levels; continual risk monitoring.]

Risk generic lifecycle

• In practice
• BEFORE project starts
  – First cycle completes all but last step
  – From “goal definition” to “allocating budget levels”

[Figure: risk lifecycle diagram, same stage labels as on the previous slide, with the extra label “Allocating budget levels”.]

Risk generic lifecycle

• Once project underway
  – Start continual risk monitoring
  – In practice this means moving round the risk cycle iteratively.
  – How this is managed depends on the risk management or project management method used.

[Figure: risk lifecycle diagram, same stage labels as on the previous slides.]

Method versus Technique

• Risk Methods provide frameworks and procedures (or process models) to follow to help manage the control of risks in a project.
• Risk Techniques are small scale approaches that enable you to do some small scale task.
  – We have looked at some specific risk identification and analysis techniques within the module.
  – We will now have a brief overview of some specific risk methods.

The Riskit Method

The Riskit Method and its Life Cycle

[Figure: Riskit life cycle diagram, with the annotation “The focus in typical risk methods”.]

Where does it fit?

• Focuses on risk management during systems development.
• Why is it needed?
  – To manage risks explicitly.
  – To keep project focused on its goal.

Techniques in Riskit

| Steps | Techniques |
|---|---|
| Risk management mandate definition | Risk management mandate template |
| Goal review | Goal-Question-Metric (GQM); stakeholder-goal priority table; goal definition template |
| Risk identification | Brainstorming techniques; goal and stakeholder driven identification approaches; meeting aids; interviews |
| Risk analysis | Riskit analysis graph; multiple criteria decision making tools (such as AHP); Riskit Pareto ranking technique |
| Risk control planning | Riskit element review; Riskit controlling action taxonomy |
| Risk control | NA |
| Risk monitoring | Organisation measurement program or database |

Summary of Techniques

[Table: Techniques (rows) against Features (columns): strategic, detailed, Riskit defined, generic. Cell marks as extracted.]

• Goal-Question-Metric (GQM)
• Brainstorming techniques
• Goal and stakeholder driven identification
• Meeting aids * *
• Interviews
• Riskit analysis graph
• Multiple criteria decision making tools (e.g. AHP) * *
• Riskit Pareto ranking technique
• Riskit element review
• Riskit controlling action taxonomy
• Organisation measurement program or database

Goal and stakeholder driven identification

| Goals | Stakeholder A (Priority: 1) | Stakeholder B (Priority: 1) | … | Stakeholder n (Priority: 3) |
|---|---|---|---|---|
| Goal 1 | 1 | 4 | … | - |
| Goal 2 | 2 | - | … | 1 |
| Goal 3 | 3 | 2 | … | 4 |
| … | … | … | … | … |
| Goal m | 5 | 3 | … | 2 |

• A simple technique to rank the identified goals within each stakeholder.
• N.B. Comparison cannot be made across rows (or goals).
• Different stakeholders may be of different priority/importance in the project.

Risk Analysis Graph (example from the Riskit Manual)

Risk scenario ranking: Using Pareto-efficient sets

[Table: risk scenarios placed by scenario probability (columns) and utility loss (rows).]

Scenario probability (columns):
• Rank 1 (e.g. almost certain, 0.9)
• Rank 2 (e.g. very likely, 0.75)
• Rank 3 (e.g. likely, 0.6)
• …
• Rank n (e.g. almost impossible, 0.1)

Utility loss (rows), with the scenarios listed in each row:
• Rank 1 (e.g. catastrophic): Scenario1, Scenario2, …
• Rank 2 (e.g. critical): Scenario4, Scenario3, …
• Rank 3 (e.g. severe): Scenario5, Scenario6, …
• …
• Rank m (e.g. minimal): Scenario7, …
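Added example (not from the original slides or the Riskit Manual): one way to compute Pareto-efficient sets from the two ordinal rankings in the table above, without multiplying probability by loss. The scenario placements are constructed sample data, and peeling off successive fronts to form priority tiers is an assumption made here.

```python
from typing import Dict, List, Tuple

Rank = Tuple[int, int]  # (probability rank, utility-loss rank)

# Constructed sample data, not taken from the slides.
# As in the slide's table, rank 1 is the most probable / the worst loss.
SCENARIOS: Dict[str, Rank] = {
    "Scenario1": (1, 1),
    "Scenario2": (3, 1),
    "Scenario3": (2, 2),
    "Scenario4": (1, 2),
    "Scenario5": (1, 3),
    "Scenario6": (4, 3),
    "Scenario7": (2, 4),
}


def dominates(a: Rank, b: Rank) -> bool:
    """True if a is at least as high as b on both scales and differs from b.

    Only the ordering of the ranks is used, so the scales stay ordinal:
    a "critical, almost certain" scenario and a "catastrophic, likely" one
    are simply incomparable.
    """
    return a[0] <= b[0] and a[1] <= b[1] and a != b


def pareto_tiers(scenarios: Dict[str, Rank]) -> List[List[str]]:
    """Peel off successive Pareto-efficient sets (assumed tiering scheme).

    Tier 1 holds the scenarios no other scenario dominates; they are removed
    and the procedure repeats on the rest. Scenarios with identical rank
    pairs do not dominate each other and land in the same tier.
    """
    for name, (p, u) in scenarios.items():
        if p < 1 or u < 1:
            raise ValueError(f"{name}: ranks start at 1")
    remaining = dict(scenarios)
    tiers: List[List[str]] = []
    while remaining:
        front = sorted(
            name for name, rank in remaining.items()
            if not any(dominates(other, rank) for other in remaining.values())
        )
        tiers.append(front)
        for name in front:
            del remaining[name]
    return tiers


if __name__ == "__main__":
    for i, tier in enumerate(pareto_tiers(SCENARIOS), start=1):
        print(f"Tier {i}: {', '.join(tier)}")
```

Scenario2 and Scenario4 share a tier in this sample because neither is higher on both scales, which is the case a single probability-times-loss score would hide.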

Risk element review

Riskit controlling action taxonomy.

The SERUM Method

SERUM Method

[Figure: SERUM process diagram.]

Steps 1 to 5:
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost-benefit analysis
5. Assess Development Risks for Changes

Steps 6 to 9 (labels as extracted):
• Prioritise changes using cba & risk assessment data
• Develop change plan
• Create development risk control plan
• Create technical risk control plan for accepted risks

Data labels: Risk current system; Risk proposed system; Risk development; Costs; Benefits.

Output labels: business analysis models & recommendations; development risk control plan; change plan; technical risk control plan.

SERUM

• Premise: “Change is inevitable for all commercial software systems”
  – For any application, there will be many potential changes.
• Approach: tackle those changes that provide the best cost-benefit ratio.
  – But there is risk associated with any change. In particular technical risk and development risk.

SERUM Change Priority

• Priority of change is expressed as a function of five variables:
  – risk exposure in the current system,
  – risk exposure in the proposed system,
  – risk exposure in the implementation of a change,
  – cost of a defined change,
  – benefit of a defined change.

Method Composition

[Figure: SERUM process diagram, as on the “SERUM Method” slide.]

• Soft Systems Methodology - Checkland
  – used in step 1 through to step 5

Method Composition

[Figure: SERUM process diagram, as on the “SERUM Method” slide.]

• Evolutionary Development - Gilb
  – used in steps 6-9 and afterwards (outcomes from steps)

SSM in SERUM: Business analysis of the system

[Figure: SERUM process diagram, as on the “SERUM Method” slide.]

• provides a set of recommendations for change (organisational and/or technological).
• the recommendations define the gap between the current and the ideal model.
• may identify major changes to an existing way of working.
• Risk is associated with the disruption to the organisation.

Evolutionary development: plan the implementation of changes

[Figure: SERUM process diagram, as on the “SERUM Method” slide.]

• Parts of a system are implemented and delivered in phases.
• Each part is evaluated by the client.
• The feedback is used in implementing subsequent phases.

SERUM and systems change

• Users/decision makers involved in
  – “SSM” aspects
  – not in Evolutionary development aspect.
• But
  – to control project when using evolutionary approach: ask for measurable goals from developers (whether internal or external).
  – Should use a two way mechanism.

The RAMESES Method

Where does it fit?

• Focuses on risk of systems change.
• Why is it needed?
  – Do IT systems always live up to expectation?
  – Do IT systems always fit how the business operates?
• Systems Specification is hard.
• Two aspects of change: Business process and IT systems.
• Expected RAMESES to be used:
  – Before a project gets underway
  – After a project has happened – as part of post-implementation review.

RAMESES Framework

[Figure: RAMESES framework diagram. Blocks: Identify the Change and Its Characteristics; Data Collection: Phase 1; Data Collection: Phase 2; Risk Assessment. Elements: SS-1 to SS-3; DC1-1 to DC1-4; DC2-1 to DC2-5; A-1 to A-6; RG-1, RG-2. Annotation: “The risk gauges can be used at any time during the data collection and analysis process”.]

Key to the symbols used.

• DCn-m: Data Collection Activity (identifies what data to collect, when, who from and how)
• A-n: Analysis Tool (compares specific data sets)
• RG-n: Risk Gauge (snap shot of risk)
• SS-1: System Specification Activity (identifies what is required in a new IT system and the constraints)

Components of RAMESES

• Data collection (auditing)

• System specification

• Analysis (comparisons, gaps)

• Risk assessment (gauges)

Risk Gauges

• RG1: Change Consensus
  – purpose: to assess agreement among the Senior Management team (SMT).
• RG2: Change Context
  – purpose: to assess the SMT’s perception of the context of the proposed changes.
  – purpose: to assess the SMT’s perception of past company experience.

RG1: Change Consensus

Identified change: Implementation of new ERP system to replace packages currently used with an integrated solution

Justification of need for change:
• Our system is out of date and difficult to maintain
and
• We know we are not operating at best efficiency and wish to investigate further.

Consensus among SMT: Strongly Agree: 2, Agree: 1, No view: 1, Disagree: 0

RG2 Change Context

• Considers
  – Project Timescale
  – Project Scope
  – Nature of Project
  – Cost of Project