SSE674Project1-Chapter4

=Part II - Chapter 4 =

=1. Describe the risk identification process goals. Why is each goal important? Define quantitative success criteria for each goal.=

> a. Encourage input of perceived risk from the team. 15% >> It is important to know what every team member thinks about the project. They can provide insight from a unique perspective.

> b. Identify risk while there is time to take action. 15% >> The sooner risk is identified, the sooner it can be dealt with. If you can incorporate the risk solutions in the design it can help the project out immensely.

> c. Uncover risk and sources of risk. 20% >> Not only is it important to find out what the risk is, but where it came from. If you don’t do this the risk can present itself in another form in an unexpected place.

> d. Capture risk in a readable format. 20% >> It is important to document all risk activity so it can be referred to later in the project.

> e. Communicate risk to those who can resolve it. 20% >> Once risk is identified, give it to the right people who can solve the problem.

> f. Prevent project surprises. 10% >> By trying to identify all of the risks up front you help eliminate surprises.

=2. In what way do project resources, project requirements, and the risk management plan regulate the risk identification process? Is there a relationship among these process controls? Discuss why there is or why there is not.=

> Project resources, project requirements, and the risk management plan regulate the risk identification process by being functions of the entire process. Each is an integral piece of the puzzle. Project resource concentrates on cost, time and staff. Project requirements are controlled by the contractual requirements and your organizational standards. And the last piece, risk management plan, identifies who has the authority and responsibilities to make crucial decisions. All of the parts are required to make the entire process work. Without one part the rest can’t function, so there is defiantly a relationship between them.

=3. What is a risk assessment? Cite three reasons to perform a risk assessment early in the project. Imagine that you were brought in to replace a retiring project manager of a project in the design phase. Would you delegate the task of performing a risk assessment? Discuss the ways a baseline of assessed risks would be valuable to you.=

> The risk assessment identifies risk and evaluates risk based on established criteria. It provides a baseline of assessed risks that are managed by the project and thus is recommended early in any project. To identify critical issues in the design phase, to assess the project requirements based upon risk factors, the sooner a risk assessment is accomplished the more likely the problems can be worked out.

> If I was brought in to replace a retiring project manager I would perform the risk assessment myself. Because what better way to understand the project then by analyzing to project at the lowest levels.

> A baseline assessment can be used to show progress and gives you a starting point. You can see the progress of the project and clearly see if you are heading in the right direction base upon the initial things you identified.

=4. List five methods to identify risk. Describe how you would perform a risk assessment using each of these methods. Compare and contrast the methods in terms of their efficiency and effectiveness. For example, if it is more effective to involve more people, then which methods enable more people to participate?=

> I would these five methods to identify risks:

> Checklist – I would use the checklist to make sure I cover all of the aspects that are important to the project.

> Interview – This process allows the team to focus on what the users of the system are expecting. It can also expose flaws that are not clear in the requirements.

> Review – By going over each of the processes you can combine and elaborate on any vague areas.

> Survey – Surveys are good statistical tools so you can get a general idea where the population stands on certain issues.

> Workgroup – A workgroup consisting of team members and customers can help bring out little problems in a large form that individual process wouldn’t expose.

> I would use the checklist to identify what actions I wanted to cover. I would then conduct interviews and build surveys from them. I would then hold a workgroup and discuss issues from the survey and interviews. Lastly, I would conduct a review and see where I stand. If I am week in any area I would take the opportunity to reengage the week area.

=5. List three reasons to categorize risk. Do you think the number of risks identified in a particular category is a significant measure? Discuss why you do or do not think so.=

> You categorize risks to help you clarify what the problems are in an organized manor. Help you decided who will get what issues, and finally it will help you identify at what stage the risk will become a problem. I don’t think having a number of risks in one category is significant. It really depends on what the project is. Some projects may focus in one area such as a database application where SQL injection would be a major issue, where another project may not have any database interaction at all.

=6. Write a risk statement. What are five benefits of using a structured format for documenting risk? How do you think communication of identified risk changes with the use of risk statement? Explain your answer.=  > Develop a web based application that is database driven. Ensure protection against SQL injection attacks. Do not allow the user to freely add records to the database control insert access by using security levels.

> By using a structured format you make sure you cover all aspects of the topic you are analyzing. You have a consistent feel for each item. The corresponding risk context contains the what, when, where, how, and the why of the risk issue.

=7. You just found out that your software subcontractor has filed for bankruptcy protection. How will you communicate significant risk to your management? Do you plan to communicate the risk as soon as possible, or take the time to assess it? What information will you communicate to your management?=

> The first action is to determine the impact of the situation. How critical was this contractor to the project. Can their portion be absorbed? Is the company still able to fulfill their end of the contract? Can you possible recruit some of the experienced developers as independent contractors?

> Once these and other questions are answered define the best course of action based upon budget, time line, resources, etc. Give management options and a best course of action. Going to management without options can create a panic. It is best to take the time to assess the situation before alerting them and give them solutions to the problem and not just a problem.

=8. Develop a risk checklist for the requirements, design, code, or test phase of software development. Which phase do you think has the greatest risk? Explain your answer.=

> Risk checklists are easy to generate and provide a systematic way to identify risk. You can discover unknown risks that exist on your project by reviewing the project’s critical success factors, listing all items on the critical path of your schedule, and itemizing the project interfaces, internal and external.

> My Check list would include:

> Requirements: Stability, Completeness, Clarity, Validity, Feasibility, Precedent, Scale

> Design: Functionality, Difficulty, Interfaces, Performance, Testability,

> Code: Feasibility, Coding/Implementation

> Test Phase: Environment, Product, System

> The phase that has the greatest risk is the design. Your software foundation is based upon the design and if it is not done with enough detail and attention the project will have a hard time getting underway.

=9. Discuss the concept of confidentiality in risk assessment. When is confidentiality necessary? In your opinion, what are the advantages and disadvantages of identifying risks in peer groups?=

> Confidentiality is important in a scenario where you are looking to develop a system based upon input from the users. The system may have some flaws in the current operation that management doesn’t want to change. If an employee has a good suggestion on a change they may not want to come forward because of retaliation from management.

> Peer groups are a good idea because issues may come up that no one else thinks is a major concern. Each person has the same feeling but they thing it is to insignificant to being up on their own, but in a group setting this issue could be brought to light and added in the design.

=10. How does knowing your risks provide opportunities to manage and improve your chances of success? Explain your answer.=

> Knowing your risks help you manage by identifying concerns upfront. As the project gets moving you can help the project steer around these obstacles. Having risks identified early on helps you prioritize the tasks that need to be completed. You can assign difficult tasks to the appropriate teams so the right people are doing the right jobs.

> By assigning work to the correct people you can manage you project timeline. Knowing your people allows you to assign the correct skill level to the right developer. When you get to an area of high risk you can choose the correct developer to work on the task. If you assign a difficult task to a under skilled developer you can run into problems because the person will take too long to develop the software or not develop it correctly.

Project Home Next Section