General Principles of Intellectual Property: Concepts of Intellectual Proper...
Software Risk Management.pptx
1. Risk Analysis & Management
Priyajit Sen
Assistant Professor
Department of Computer Application
MAKAUT, W.B., India
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
2. What is risk?
A risk is a potential problem that might happen and might not. It can be
conceptually defined as concerns of future happenings that involve
change in mind, option, actions, places, etc.
Basic Characteristics of Risk:
Uncertainty:- It may or may not happen, that is there is no 100%
guarantee of risk becoming true.
Loss:- If the risk becomes true then unwanted consequences or
losses may occur.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
3. What is risk management?
Risk Management is a process of thinking systematically about all
possible risks, problems or disasters before they happen and setting up
procedures that will avoid the risk, or minimize the impact, or cope
with its impact.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
4. Types of Risk:
Reactive:- A response based risk management approach, which is
dependent on accident evaluation and audit based findings.
Proactive:- Adaptive, closed loop feedback control strategy based on
measurement, observation of the present safety level and planned
explicit target safety level with a creative intellectuality.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
5. Purpose of Proactive and Reactive Risk Management:
Reactive risk management: Reactive risk management attempts to
reduce the tendency of the same or similar accidents which happened in
past being repeated in future.
Proactive risk management: Proactive risk management attempts to
reduce the tendency of any accident happening in future by identifying
the boundaries of activities, where a breach of the boundary can lead to
an accident.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
6. Difference between Proactive and Reactive Risk Management
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
7. Categories of risk
Project risk:- Risk that affect the project schedule or recourse. An example
of a project risk is the loss of an experienced designer. Finding a replacement,
may take a long time and consequently, the software design will take longer to
complete.
Product Risk:- Risk that affect the quality or performance of the software
being developed. An example of a product risk is the failure of a purchased
component to perform as expected.
Business Risk:- Risk that affect the organization developing or procuring the
product. For example, a competitor introducing a new product. The
introduction of a competitive product may mean that the assumption made
about the sales of existing software products may be unduly optimistic.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
8. Process of Risk management
Risk Identification: Identity possible project, product and business risks.
Risk Projection: Assessment of the likelihood and consequences of these
risks.
Risk Mitigation: Plan to address the risk, either by avoiding it or minimize
effects on the project.
Risk Monitoring: Regularly assess the risk and the plan
revise these when we learn more about the risk.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
9. Process of Risk management
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
10. Risk Identification
Basically, there are six types of risks.
Organizational Risks: Drive from the organizational environment where the
software is being developed.
Tools Risks: Drive from the software tools and other supporting software
used to develop the system.
Requirement Risks: Drive from changes to the customer requirements and
the process of managing the requirements change.
Estimation Risks: Drive from the management estimates of the resources
required to build the system.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
11. Risk Projection
The likelihood of a risk coming true(r).
The consequence of the problems associated with that risk(s).
Based on these two factors, the priority of each risk can be computed
as:
p = r * s
Where p is the priority with which the risk must be handled, r is the probability of
the risk becoming true
and s is the severity of damage caused due to the risk becoming true.
If all identified risks are prioritized then most likely and damaging risks can be
handled first and more comprehensive risk abatement procedures can be designed
for these risks.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
12. Risk Refinement:
This general condition can be refined in the following manner:
Sub-condition 1: Certain reusable components were developed by a
third party with no knowledge of internal design standards.
Sub-condition 2: The design standard for component interfaces has not
been solidified and may not conform to certain existing reusable
components.
Sub-condition 3: Certain reusable components have been implemented
in a language that is not supported on the target environment.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
13. Risk Mitigation
Avoid Risk: The probability that the risk will arise will be reduce. It may
take several forms such as discussions with the customer to reduce the
scope of the work, giving incentives to engineers to avoid risk of man
power turn over, etc.
Transfer Risk: This strategy involves getting the risky component
developed by third party or buying insurance career, etc.
Risk Reduction: This involves planning ways to contain the damage due
to a risk. For example, if there is risk that some key personnel might
leave, new recruitment may be planned.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
14. Risk Monitoring & Management
Risk monitoring and management is the process of checking that our
assumptions about the project, product and business risks have not
changed.
We should regularly assess each of the identified risk to decide whether
or not that risk is becoming more or less probable.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
16. Safety Critical Software
Primary safety-critical software: Malfunctioning of this kind
of software could cause direct human or environment damage.
Secondary safety-critical software: Malfunctioning of this
software could cause indirect human or environment damage.
For example if a drug dispensing machine gave out the wrong
drugs to someone, the system itself would not cause damage, but
it would be the reason that damage was caused.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
18. Industry Analysis Techniques:
A number of hazard analysis techniques have been developed in order to fully
understand and
resolve these hazards.
An example of this is the STAMP technique which was developed at MIT, and
is not only for hazard analysis, but also considers organizational factors and
the dynamics of complex systems.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
19. STAMP has five steps:
1. Identify the system hazards: identify all of the potential hazards in a system and
expand on them to find rough solutions
2. Identify safety related requirements and constraints: In order to remove the
hazard what are the constraints
3. Define the basic system control structure: Define who is in control at the time
of the potential hazard
4. Identify inadequate control actions that could lead to a hazard: Find out how the
system reaches the hazardous state using the control structure.
5. Determine what constraints could be violated and eliminate, prevent or control
them through the system design
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
20. Project Scheduling and Techniques:
Break down each activity into tasks.
Determine the dependency among different tasks.
Establish the estimates for the time durations necessary to complete the tasks.
Represent the information in the form of an activity network.
Determine task starting and ending dates from the information represented in
the activity network.
Determine the critical path. A critical path is a chain of tasks that determines
the duration of the project.
Allocate resources to tasks.
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
31. Project Parameters for Different Task:
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
32. (ES, EF)
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
Specification
(0,15)
Design Database
(15,60)
Design GUI
(15,45)
Write User
Manual
(15,75)
Code Database
(60,165)
Code GUI
(45,90)
Integrate and
Test
(165,285)
Finish
(285,285)
** Highest Earliest Finish to its Next Earliest Start
33. (LS, LF)
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
Specification
(0,15)
Design Database
(15,60)
Design GUI
(90,120)
Write User
Manual
(225,285)
Code Database
(60,165)
Code GUI
(120,165)
Integrate and
Test
(165,285)
Finish
(285,285)
** Lowest Latest Start to its Previous Latest Finish
35. Showing the Critical Path:
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
Specification
(0,15)
Design Database
(15,60)
Design GUI
(90,120)
Write User
Manual
(225,285)
Code Database
(60,165)
Code GUI
(120,165)
Integrate and
Test
(165,285)
Finish
(285,285)
** The blue line shows the Critical Path. Note that the slack time is zero for these
phases.
36. Gantt chart:
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
• Gantt Chart first developed by Henry Gantt in 1917.
• Gantt chart usually utilized in project management, and it is one of the most
popular and helpful ways of showing activities displayed against time.
• Each activity represented by a bar. Gantt chart is a useful tool when you
want to see the entire landscape of either one or multiple projects.
• It helps you to view which tasks are dependent on one another and which
event is coming up.
38. PERT Chart:
Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
PERT is an acronym of Programme Evaluation Review Technique.
In the 1950s, it is developed by the U.S. Navy to handle the Polaris submarine missile
programme.
In Project Management, PERT chart represented as a network diagram concerning the number
of nodes, which represents events.
The direction of the lines indicates the sequence of the task. In the above example, tasks
between "Task 1 to Task 9" must complete, and these are known as a dependent or serial task.
Between Task 4 and 5, and Task 4 and 6, nodes are not depended and can undertake
simultaneously. These are known as Parallel or concurrent tasks. Without resource or
completion time, the task must complete in the sequence which is considered as event
dependency, and these are known as Dummy activity and represented by dotted lines.
40. Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
PERT vs Gantt Chart:
PERT charts are network diagrams that use boxes to represent tasks and
arrows to present dependencies between tasks. The boxes are laid out from
left to right, but there is no fixed Y-axis with dates. The first box, or root, is
centered vertically on the left side, and the subsequent tasks can be drawn
anywhere along the Y-axis. Arrows can point to the right, up or down, but
never to the left.
Gantt charts are bar graphs. The X-axis contains dates and the Y-axis lists
separate tasks. On each line of the Y-axis, the chart depicts a bar positioned to
extend from the task’s start date to its end date. Tasks are listed in the start-
date order.
41. Priyajit Sen, Department of Computer Applications, MAKAUT,
W.B., India
Gantt chart PERT chart
Gantt chart is defined as the bar chart. PERT chart looks similar to a network diagram
Gantt chart was developed by Henry L. Gantt.
PERT chart was developed by the United States
navy.
Gantt chart is often used for Small Projects
PERT chart can be used for large and complex
Projects
Gantt chart focuses on the time required to
complete a task
PERT chart focuses on the dependency of
relationships.
Gantt chart is simpler and more straightforward
PERT chart could be sometimes confusing and
complex but can be used for visualizing critical
path
Contd…