Lecture 12 - Managing Risk for Software Project

Question 1

What is risk deciphered as? (3)

Answer 1

• Lack of information
• Lack of time
• Lack of control

Question 2

What is the formula for calculating Risk exposure?

Answer 2

Risk exposure = Impact x Probability

Question 3

What is risk?

Answer 3

Something identified in advance that may or may not happen and can have positive or negative impact on project

Question 4

What are positive risks know as?

Answer 4

Opportunities

Question 5

TF: Project Management does not focus on threats (negative risks)

Answer 5

False. It does

Question 6

Lack of knowledge about an event that reduces confidence in conclusions drawn from data is an…

Answer 6

Uncertainty

Question 7

What is risk tolerance?

Answer 7

Level of risk acceptable to an individual or organization

Question 8

What is risk threshold?

Answer 8

Specific point at which risk becomes unacceptable

Question 9

What is Risk averse?

Answer 9

Someone who does not want to be negatively impacted by threats

Question 10

TF: Risk tolerance is considered the opposite of risk averse

Answer 10

True

Question 11

What is the ISO/IEC definition of risk?

Answer 11

The combination of the probability of an event and its negative consequence

Question 12

What is the ISO/IEC definition of risk category?

Answer 12

A class or type of risk (technical, legal, safety, schedule, etc.)

Question 13

TF: Risk category is a characterization of a source of risk

Answer 13

True

Question 14

What are the risk management processes? (2)

Answer 14

• Risk assessment
• Risk control

Question 15

What are the steps of risk assessment? (3)

Answer 15

1. Risk identification
2. Risk analysis
3. Risk prioritization

Question 16

TF: Risk assessment cannot be reassessed at the beginning of each iteration

Answer 16

False. It can

Question 17

What is Risk identification?

Answer 17

Determines risks related to the overall project, product, and business

Question 18

What is the outcome of risk identification?

Answer 18

Collection of risk items

Question 19

What are typical software project risk elements? (4)

Answer 19

• Performance risk
• Cost risk
• Support risk
• Schedule risk

Question 20

What is performance risk?

Answer 20

Degree of uncertainty that the product will meet its requirements and be fit for intended use

Question 21

What is cost risk?

Answer 21

Degree of uncertainty that project budget will be maintained

Question 22

What is support risk?

Answer 22

Degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance

Question 23

What is schedule risk?

Answer 23

Degree of uncertainty that the project schedule will be maintained, and project will be delivered on time

Question 24

What are some causes of software project risks? (5)

Answer 24

• Poor risk management practices
• Under-defined scope/goals
• Misunderstanding context, options, and opportunities
• Poor time and priority management
• Cultural inability to cut our losses

Question 25

What is Risk analysis?

Answer 25

Assessment of the likelihood of occurrence of a risk and the impact of it on the project, product, business

Question 26

What is qualitative assessment for the likelihood of occurrence for a risk?

Answer 26

The scale (low, moderate, significant, high)

Question 27

What is quantitative assessment for the likelihood of occurrence for a risk?

Answer 27

Probability of occurrence

Question 28

What is qualitative assessment for the impact on project, product, business of a risk item?

Answer 28

The scale (low, moderate, significant, high)

Question 29

What is quantitative assessment for the impact on project, product, business of a risk item?

Answer 29

A number to represent the impact of a risk (ex: fire can cause 0.5 millions of damage in a facility)

Question 30

What makes a risk of high concern?

Answer 30

If the risk has High impact and High likelihood of occurrence

Question 31

Consider a fire which can cause 0.5 millions of damage in a facility. Let the probability of this event be 0.01. Then the risk exposure is...

Answer 31

RE = $0.5million x 0.01 = $5,000

Question 32

What is risk prioritization?

Answer 32

Setting priorities in order to determine where to focus risk mitigation efforts

Question 33

In risk prioritization, how do we determine the priority of each risk item in a quantitative model?

Answer 33

Combine the likelihood and impact

Question 34

What are the three parts that make up Risk control?

Answer 34

- Risk Planning - Resolution - Risk Monitoring

Question 35

What does the acceptance strategy in risk planning involve in risk control?

Answer 35

Means the project has decided not to change the project plan to deal with a risk or is unable to identify any other suitable response strategy

Question 36

TF: Contingency plans is an example of the acceptance risk response strategy

Answer 36

True

Question 37

TF: Identification of risk-trigger points is an example of the acceptance risk response strategy

Answer 37

True

Question 38

TF: Using contingency allowance (time, budget, staff) is not an example of the acceptance risk response strategy

Answer 38

False. It is

Question 39

What does the avoidance strategy in risk planning involve in risk control?

Answer 39

Changing the project plan to eliminate the risk to protect the project goals and objectives from its impacts

Question 40

TF: Not using unfamiliar subcontractors is an example of the avoidance risk response strategy

Answer 40

True

Question 41

TF: Adding resources or time to critical tasks during planning is not an example of the avoidance risk response strategy

Answer 41

False. It is

Question 42

What does the transference strategy in risk planning involve in risk control?

Answer 42

Shifting the consequence and ownership of a risk to a third party

Question 43

TF: Warranties and guarantees are an example of the transference risk response strategy

Answer 43

True

Question 44

TF: Use of fixed-priced contract with subcontractors is an example of the transference risk response strategy

Answer 44

True

Question 45

What does the mitigation strategy in risk planning involve in risk control?

Answer 45

Reduces the possibility and/or consequences of an adverse risk to an acceptable level

Question 46

Adopting less complex processes is an example of what risk response strategy?

Answer 46

Mitigation

Question 47

Plan for additional testing of complex elements is an example of what risk response strategy?

Answer 47

Mitigation

Question 48

Using a more reliable or more stable vendor is an example of what risk response strategy?

Answer 48

Mitigation

Question 49

Using a prototype in the development process is an example of what risk response strategy?

Answer 49

Mitigation

Question 50

What is Risk Reduction Leverage?

Answer 50

The ratio of the reduction in risk exposure over the cost of the reduction

Question 51

What is the Risk Reduction Leverage (RRL) formula?

Answer 51

RRL = [RE(before) - RE(after)]/cost of reduction

Question 52

TF: An RRL value greater than 1 indicates cost effective risk reduction measures

Answer 52

True

Question 53

TF: An RRL value less than 1 would indicates cost effective reduction measures

Answer 53

False. Indicates a non cost effective reduction measures

Question 54

Slide 30 for RRL example

Answer 54

No answer slide?

Question 55

What is the most powerful tool for determining net outcomes from both positive and negative risk events?

Answer 55

Decision tree analysis

Question 56

A diagram that describes a decision under consideration and the implications of choosing one or another of the available alternatives is a...

Answer 56

Decision tree

Question 57

TF: The set of outcomes for a decision tree adds up to 100%

Answer 57

True

Question 58

How do you calculate the total impact for each branch of the decision tree?

Answer 58

EMV = P * I EMV: Expected Monetary Value P: Probability I: Impact

Question 59

Slide 32 for Decision tree analysis technique

Answer 59

No answer?

Question 60

Examining and documenting the effectiveness of risk responses in dealing with identified risks. Their root causes, and the risk management process is known as...

Answer 60

Project Risk Response audits

Question 61

TF: Project risk response audits should not happen regularly

Answer 61

False. It should happen regularly

Question 62

What is involved in Periodic project risk reviews? (3)

Answer 62

- Identification of new risks - Reassessment of current risks - Closing outdated risks

Question 63

What are the steps of Risk Control Overview? (6)

Answer 63

- Identification - Analysis - Prioritization - Planning - Resolution - Monitoring

Question 64

What are the elements that are included in Risk Monitoring/Controlling? (6)

Answer 64

- Risk log - ID number - Risk description - Risk owner - Action to be take - Outcome