university of sunderland csem04 rosco unit 13 unit 13: risk methods csem04: risk and opportunities...
Post on 21-Dec-2015
213 views
TRANSCRIPT
University of Sunderland CSEM04 ROSCO Unit 13
Unit 13: Risk MethodsUnit 13: Risk Methods
CSEM04: Risk and Opportunities of Systems Change in Organisations
Dr Lynne Humphries &Prof. Helen M Edwards
University of Sunderland CSEM04 ROSCO Unit 13
Unit 13: Risk MethodsUnit 13: Risk Methods
CSEM04: Risk and Opportunities of Systems Change in Organisations
Dr Lynne Humphries &Prof. Helen M Edwards
University of Sunderland CSEM04 ROSCO Unit 13
OverviewOverview
• The Concepts of Risk Management Methods• Risk generic lifecycle• Risk Methods• Risk Techniques• Example methods:
– Riskit– SERUM– RAMESES
University of Sunderland CSEM04 ROSCO Unit 13
The Concepts of Risk The Concepts of Risk Management MethodsManagement Methods
• Aimed at controlling risk during a specific project.
• Project stakeholders should have input. • Often difficult to evaluate risks
quantitatively:– therefore need to cater for qualitative risk
assessment.
• Participant communication is essential.
University of Sunderland CSEM04 ROSCO Unit 13
Risk generic lifecycleRisk generic lifecycle
• Risk methods have typical lifecycle
• Assumption that cycle is iterative.– Throughout a project
there may be many iterations of the lifecycle.
allocating&monitoring budget levels
continual risk monitoring
mitigation and contingency planning
modelling riskrelationships
risk prioritisation
risk impact and probability evaluation
goal definition
risk identification
University of Sunderland CSEM04 ROSCO Unit 13
Risk generic lifecycleRisk generic lifecycle
• In practice• BEFORE project starts
–First cycle completes all but last step
–From
“goal definition” –to
“allocating budget levels”
allocating&monitoring budget levels
continual risk monitoring
mitigation and contingency planning
modelling riskrelationships
risk prioritisation
risk impact and probability evaluation
goal definition
risk identification
Allocating budget levels
University of Sunderland CSEM04 ROSCO Unit 13
Risk generic lifecycleRisk generic lifecycle
• Once project underway–Start continual risk
monitoring
allocating&monitoring budget levels
continual risk monitoring
mitigation and contingency planning
modelling riskrelationships
risk prioritisation
risk impact and probability evaluation
goal definition
risk identification
–In practice this means moving round the risk cycle iteratively.
–How this is managed depends on
• the risk management or• project management
method
used.
University of Sunderland CSEM04 ROSCO Unit 13
Method versus Method versus TechniqueTechnique
• Risk Methods provide frameworks and procedures (or process models) to follow to help manage the control of risks in a project.
• Risk Techniques are small scale approaches that enable you to do some small scale task. – We have looked at some specific risk identification and
analysis techniques within the module.– We will now have a brief overview of some specific risk
methods.
University of Sunderland CSEM04 ROSCO Unit 13
The Riskit MethodThe Riskit Method
University of Sunderland CSEM04 ROSCO Unit 13
The Riskit Method and its Life The Riskit Method and its Life CycleCycle
The focus in typical
risk methods
University of Sunderland CSEM04 ROSCO Unit 13
Where does it fitWhere does it fit??
• Focuses on risk management during systems development.
• Why is it needed?– To manage risks explicitly.– To keep project focused on its goal.
University of Sunderland CSEM04 ROSCO Unit 13
Steps TechniquesRisk managementmandate definition
Risk management mandate template.
Goal review Goal-Question-Metric (GQM), Stakeholder-goalpriority table, goal definition template.
Risk identification Brainstorming techniquesGoal and stakeholder driven identification approachesMeeting aidsInterviews
Risk analysis Riskit analysis graphMultiple criteria decision making tools (such as AHP)Riskit Pareto ranking technique
Risk control planning Riskit element reviewRiskit controlling action taxonomy
Risk control NARisk monitoring Organisation measurement program or database
Techniques in RiskitTechniques in Riskit
University of Sunderland CSEM04 ROSCO Unit 13
FeaturesTechniques
strategic detailed Riskitdefined
generic
Goal-Question-Metric (GQM) Brainstorming techniques Goal and stakeholder driven identification Meeting aids * * Interviews Riskit analysis graph Multiple criteria decision making tools * * (e.g. AHP)
Riskit Pareto ranking technique Riskit element review Riskit controlling action taxonomy Organisation measurement program orDatabase
Summary of Techniques
University of Sunderland CSEM04 ROSCO Unit 13
Goal and stakeholder Goal and stakeholder driven identification driven identification
Stakeholders
Goals
Stakeholder A
Priority: 1
Stakeholder B
Priority: 1… Stakeholder n
Priority: 3
Goal 1 1 4 … -
Goal 2 2 - … 1
Goal 3 3 2 … 4
… … … … …
Goal m 5 3 … 2
•A simple technique to rank the identified goals within each stakeholder.
•N.B. Comparison cannot be made across rows (or goals)
•Different stakeholders may be of different priority/importance in the project .
University of Sunderland CSEM04 ROSCO Unit 13
Risk Analysis GraphRisk Analysis Graph(example from the Riskit Manual)(example from the Riskit Manual)
University of Sunderland CSEM04 ROSCO Unit 13
RiskScenario probability
Utility lossRank1
(e.g. almostcertain., 0.9)
Rank2(e.g. very
likely, 0.75)
Rank3(e.g.likely,
0.6).
… Rank n(e.g. almost
impossible, 0.1)
Rank1(e.g.
catastrophic)
Scenario1 Scenario2…
Rank2(e.g. critical)
Scenario4 Scenario3…
Rank3(e.g. severe)
Scenario5 Scenario6…
… … … … … …
Rank m(e.g. minimal)
Scenario7…
Risk scenario ranking:Risk scenario ranking:Using Pareto-efficient setsUsing Pareto-efficient sets
University of Sunderland CSEM04 ROSCO Unit 13
Risk element reviewRisk element review
University of Sunderland CSEM04 ROSCO Unit 13
Riskit Riskit controlling controlling
action action taxonomy.taxonomy.
University of Sunderland CSEM04 ROSCO Unit 13
The SERUM MethodThe SERUM Method
University of Sunderland CSEM04 ROSCO Unit 13
SERUM MethodSERUM Method
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost- benefit analysis
8.
6.
Priorit ise changes using cba & risk assessment data
Develop change plan
Risk curren t system
Risk proposed system
Risk development
Costs
Benefits
Create development risk control plan
7.
Create technical risk control plan for accepted risks
9.
Assess Development Risks for Changes
5.
business analysis models & recommendations
development risk control plan
change plan
technical risk control plan
University of Sunderland CSEM04 ROSCO Unit 13
SERUMSERUM
• Premise: “Change is inevitable for all commercial software systems”– For any application, there will be many potential
changes.
• Approach: tackle those changes that provide the best cost-benefit ratio. – But there is risk associated with any change. In
particular technical risk and development risk,
University of Sunderland CSEM04 ROSCO Unit 13
SERUM Change SERUM Change PriorityPriority
• Priority of change is expressed as a function of five variables.
risk exposure in the current system, risk exposure in the proposed system, risk exposure in the implementation of a change cost of a defined change benefit of a defined change
University of Sunderland CSEM04 ROSCO Unit 13
Method CompositionMethod Composition
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost- benefit analysis
8.
6.
Priorit ise changes using cba & risk assessment data
Develop change plan
Risk curren t system
Risk proposed system
Risk development
Costs
Benefits
Create development risk control plan
7.
Create technical risk control plan for accepted risks
9.
Assess Development Risks for Changes
5.
business analysis models & recommendations
development risk control plan
change plan
technical risk control plan
• Soft Systems Methodology - Checkland– used in step 1
through to step 5
University of Sunderland CSEM04 ROSCO Unit 13
Method CompositionMethod Composition
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost- benefit analysis
8.
6.
Priorit ise changes using cba & risk assessment data
Develop change plan
Risk curren t system
Risk proposed system
Risk development
Costs
Benefits
Create development risk control plan
7.
Create technical risk control plan for accepted risks
9.
Assess Development Risks for Changes
5.
business analysis models & recommendations
development risk control plan
change plan
technical risk control plan • Evolutionary Development - Gilb– used in steps 6-9
and afterwards (outcomes from steps)
University of Sunderland CSEM04 ROSCO Unit 13
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost- benefit analysis
8.
6.
Priorit ise changes using cba & risk assessment data
Develop change plan
Risk curren t system
Risk proposed system
Risk development
Costs
Benefits
Create development risk control plan
7.
Create technical risk control plan for accepted risks
9.
Assess Development Risks for Changes
5.
business analysis models & recommendations
development risk control plan
change plan
technical risk control plan
• provides a set of recommendations for change (organisational and/or technological).
• the recommendations define the gap between the current and the ideal model.
• may identify major changes to an existing way of working.
• Risk is associated with the disruption to the organisation.
SSM in SERUM: SSM in SERUM: BBusiness analysis of the usiness analysis of the
systemsystem
University of Sunderland CSEM04 ROSCO Unit 13
1. Refine proposed system by assessing risks in the current system
2. Refine proposed system by assessing risks in the proposed system
3. Define changes
4. Perform cost- benefit analysis
8.
6.
Priorit ise changes using cba & risk assessment data
Develop change plan
Risk curren t system
Risk proposed system
Risk development
Costs
Benefits
Create development risk control plan
7.
Create technical risk control plan for accepted risks
9.
Assess Development Risks for Changes
5.
business analysis models & recommendations
development risk control plan
change plan
technical risk control plan
Evolutionary development: Evolutionary development: plan the implementation of plan the implementation of
changes changes
• Parts of a system are implemented and delivered in phases.
• Each part is evaluated by the client
• The feedback is used in implementing subsequent phases.
University of Sunderland CSEM04 ROSCO Unit 13
SERUM and SERUM and systems changesystems change
• Users/decision makers involved in – “SSM” aspects– not in Evolutionary development aspect.
• But– to control project when using evolutionary
approach: ask for measurable goals from developers (whether internal or external).
– Should use a two way mechanism.
University of Sunderland CSEM04 ROSCO Unit 13
The RAMESES MethodThe RAMESES Method
University of Sunderland CSEM04 ROSCO Unit 13
Where does it fitWhere does it fit??
• Focuses on risk of systems change.• Why is it needed?
– Do IT systems always to live up to expectation?– Do IT systems always fit how the business operates?
• Systems Specification is hard.
• Two aspects of change: Business process and IT systems.
• Expected RAMESES to be used: – Before a project gets underway– After a project has happened – as part of post-
implementation review.
University of Sunderland CSEM04 ROSCO Unit 13
RAMESESRAMESESFrameworkFramework
SS-3 SS-2
SS-1DC1-1
DC1-2 DC1-4
Data Collection: Phase 1
Data Collection: Phase 2
DC2-3 DC2-5 DC2-4
DC2-1
DC2-2
The
risk
gaug
es c
an b
e us
ed a
t any
tim
edu
ring
the
data
col
lect
ion
and
ana
lysi
s pr
oces
s
RG-2
RG-1
RiskAssessment
A-1
A-6A-5
RG-2RG-1Identify the Change andIts Characteristics
DC1-3 A-4
Key to the symbols used.
Data Collection Activity (identifies what data to collect,when, who from and how)
A-n Analysis Tool (compares specific data sets)
DCn-m
RG-n Risk Gauge (snap shot of risk)
SS-1System Specification Activity (identifies what isrequired in a new IT system and the constraints)
A-3 A-2
University of Sunderland CSEM04 ROSCO Unit 13
Components of Components of RAMESESRAMESES
• Data collection (auditing)
• System specification
• Analysis (comparisons, gaps)
• Risk assessment (gauges)
University of Sunderland CSEM04 ROSCO Unit 13
Risk GaugesRisk Gauges
• RG1: Change Consensus– purpose: to assess agreement among the
Senior Management team (SMT).
• RG2: Change Context– purpose: to assess the SMT’s perception of the
context of the proposed changes.– purpose: to assess the SMT’s perception of past
company experience.
University of Sunderland CSEM04 ROSCO Unit 13
RG1: Change RG1: Change ConsensusConsensus
Identified change:Implementation of new ERP system to replace packages currently used with an integrated solutionJustification of need for change:•Our system is out of date and difficult to maintainand•We know we are not operating at best efficiency and wish to investigate further. Consensus among SMT:Strongly Agree: 2, Agree: 1, No view: 1, Disagree: 0
University of Sunderland CSEM04 ROSCO Unit 13
RG2 Change ContextRG2 Change Context
• Considers– Project Timescale– Project Scope– Nature of Project– Cost of Project