SSE674Project2-Chapter9

=Part III - Chapter 9 =

=1. Describe how risk management policy is a strategic plan to institutionalized risk management. Identify the risks of documenting a policy that will be supported by the entire organization. What is your mitigation strategy to combat these risks?=  > A policy must be established to define the boundaries and who will make key decisions. Involving key people in the creation of the document is important so you don’t leave out any major details. Having the majority of the organization review the document is also important, because it gives everyone the feel of buy in because they can make suggestions to the document. One key factor in the document is to have it brief as possible. This make sure everyone reads and understands what its purpose is.

=2. Do you agree that anyone can influence policy but policy influences everyone? Discuss why you do or do not agree.=  > I agree that anyone can influence policy but policy influences everyone. Policies are the guidelines that you use to do your business. The person that has the most interest in the company (CEO or Project Manager) defines policies so everyone knows how to act in common scenarios. They are the guidelines we follow to get the job done. Policies are usually open to interpretation and don’t cover unique cases. This is where an individual can influence the process by introducing a new idea and establishing something that was missing before.

=3. Develop a survey that you can give to people that will determine the current risk management practices. Would the survey be different for new business, proposals, projects, and international research and development teams? Explain your answer.=  > I think the survey should be different for each type of business. Weather it is new or old most operations are run in a similar manner. However, two different operations will have very distinct issues so it is difficult to have a single list for new or established operations. I think you can have some questions that do cross boundaries and would apply to everyone. For example I would ask the following types of questions:

>> a. What do you find most difficult about your job? >> b. If you find a software error, how do you report it? >> c. Does the software lack any specific functionality? >> d. Can you utilize software while dealing with a customer? >> e. Do you have to get management approval for processes? >> f. Is it difficult to get management approval in a timely manner?

=4. Discuss the concept of commitment. Why is commitment important for long-term success? Give three ways that commitment is demonstrated in an organization from the top down and three ways that commitment is demonstrated from the bottom up.=  > Obtaining commitment is the first step in developing a policy for risk management. Commitment is demonstrated top-down when the administration allocates resources to a task and bottom-up from employees who support the task. Change occurs when there is both top-down and bottom-up commitment; one without the other will not suffice. Commitment, not interest, is what it takes for long term success in changing or developing an organizational culture. When we are interested in something, it can hold our attention for a time until we find something else to take its place. When we are committed, we understand that it is our duty to see the tasks through to completion. Interest will wane over time; commitment strengthens as progress is made toward goals. Closer to the goal, our commitment is based on knowledge and understanding that we did the right thing.

=5. What is a risk ethic? What do you think is the significance of fostering a risk aware culture?=  > A risk ethic is the rules of conduct that characterize a proper risk management philosophy. The central theme of the philosophy is the notion that risk is the organization’s responsibility. A risk ethic follows from this philosophy as a set of behaviors appropriate for handling risk at work. The need for a risk ethic can be sustained by the challenges facing the entire software industry. The general problems the organization faces also support the need to manage risk.

=6. What is the point of involving opinion leaders in organizational change? Identify five risks of dictating an organizational policy on software risk management. Discuss the probability and consequence for each of the identified risks.=  > Involving opinion leaders in organizational change is important. They can influence the organization to support new policy and have the transition for change smoother. Here are five risks that impact software development:

>> a. Inadequate Planning – This is a major risk. I am experiencing this at work right now. We started a project converting a desktop application to the web. The thought was to have simple flow charts and use existing code for the processes. After two years of development we are still programming. We found that each process had to be detailed out for each programmer to write.

>> b. Unrealistic Schedules – Schedule was another major problem. We started off using .Net with programmers with little to no experience and they switched to classic ASP. Now well into the project we are realizing the limitations of that decision.

>> c. Unrestricted Requirements Growth – This can be a problem because the customer will always want more. At some point a cut off has to be made and concentration of the project needs to start. If requirements keep popping up, defer them to version 2.

>> d. Dysfunctional Organizational Chart – In a large effort it is very difficult to know who is making the decisions. Without a proper structure chart the wrong person can be making decisions that lead the project down the wrong path.

>> e. Not Having or Following Processes – Not following established procedures leads to chaos and potential loss of data. Not having procedures is extremely difficult because there is no consistency in the project portions people develop.

=7. Write a risk management policy for NASA. Write another risk management policy, this time for Microsoft. Compare and contrast the two policies.=  > The elements of the NASA risk management policy would be:

>> a. Ensure human life is valued above resources. >> b. Safety is the number one priority. >> c. Perform simulation of major tests to minimize expensive hardware failure. >> d. All personnel will comply with all training requirements. >> e. Backup systems are as important as the primary ones.

> The elements for Microsoft

>> a. Software quality is number one priority. >> b. Secure software to limit exploitation. >> c. Tighten software licensing procedures. >> d. Keep project details from the public until release time. >> e. Maintain regular backups of all projects.

> I think that Microsoft is concerned with robust software public image. NASA is concerned about astronaut safety and ensuring equipment works a designed. Microsoft also puts a lot of emphasis on trade secrets because it can affect their bottom line. NASA is concerned about software but will put functionality above the bells and whistles that Microsoft would include.

=8. Write a risk management policy for your organization. Discuss how the terminology reflects your environment.=  > The main focus of the risk management policy is the responsibility section and procedure portion. Responsibility tells the reader the chain of command and who is responsible for what decision. Decision making is a vital part to the process. Here are some procedures that will help the process along:

>> a. Document a risk management plan. >> b. Perform a baseline risk assessment early in the project. >> c. Report risks at weekly status meetings. >> d. Review risks at monthly meetings. >> e. Maintain a risk database, and deliver it at project completion.

=9. People communicate through vocabulary. Underline and define the important terms used in a risk management policy.=  > Avoidance, reduction, sharing, and retention.

=10. You are an engineer working on a large software development. The project schedule is slipping due to technical problems. Management does not appear to know how to change this situation. You have been inspired to make a difference for your project. What will you do? Explain the difference your actions can make for your project.=  > The first thing to do is understand why the schedule is slipping. In my office we are developing a web application form a desktop version. The design phase of the project was to convert the desktop application to the web. We were going to use the existing application code and implement it. The only design done in the project was flow charts to describe a basic flow of how the programs were related and the major operations of each process.

> As we started the project we quickly learned that the flow charts were not much help. Each developer had to go to the subject matter expert and get a through explanation of the process and how it worked. This slowed the development process down considerable. The other problem was how the code was written in the original program. Being a desktop application it would do general database queries and get large amounts of data. It would then reduce the data using more queries to refine the current process. While this works great in the single PC environment, it could mean serious lag time on the web. Most data pulls had to be refined to limit the data being extracted and the amount of times the program hit the database.

> Our schedule slipped considerably because of this issue. We solved it by having our subject matter expert create outlines of the major processes to ensure all of the program functionality remained intact. We also hired on more programmers to help generate more code quickly.

> Knowing what the problems are is the first step in solving it. Making changes in procedures and processes can go a long way to fixing schedule slips and getting the project back on track.

Project Home Next Section