Lecture Notes for CS 325

Risk Management, 25 April 2001


  1. dealing with Murphy's law - things go wrong

  2. risk - the possibility that things may not go as planned

  3. humans are poor risk analyzers

    1. overweight costs

    2. focus on short-term risks

    3. counter-intuitive grasp of statistics - Bayesian and conditional

  4. risk management minimizes risks and their effects

  5. risk management considers everything else not in the development plan

  6. risk components - the risk itself, probability of occurrence, consequences of occurrence; risk assessment

  7. once identified, risks can be avoided or have their consequences minimized; risk control

  8. risk assessment

    1. identify risks, assess their effects, order them

    2. risks to development cost, system performance, and development schedule

    3. project-independent risks - personnel shortfalls, unrealistic budgets and schedules, poor specifications, excessive change requests, external dependency failures

    4. project-dependent risks

      1. decision-driver analysis - why was this decision made this way

      2. assumption analysis - avoiding the rose-colored glasses problem

      3. divide and conquer - homing in on the problem components

    5. given a risk, how likely is it to occur?

      1. model-driven analysis - best case, worst case data

      2. decision analysis - the probability that something happens because of a decision

      3. network analysis - this is connected to that, PERT

      4. quality analysis - which requirements are more sensitive to risk

      5. performance analysis - will the system behave as required

    6. risk ordering - given a set of risks, their effects, and their probability of occurrence, which are the risks to watch

      1. risk exposure - occurrence probability times consequences

      2. consensus rankings

  9. risk control

    1. having identified, quantified, and ordered risks, what to do about them

    2. risk management planning - recognizing and dealing with risks

      1. which risks are important and how to deal with each one - avoidance, reduction

      2. risk resolution describes how to deal with each specific risk -

      3. risk monitoring - not getting blind-sided by risks


This page last modified on 27 April 2001.