Week 4 – Risk Handling & Monitoring. Risk Handling & Monitoring Proactively handle/monitor all...
-
Upload
leona-fowler -
Category
Documents
-
view
215 -
download
0
Transcript of Week 4 – Risk Handling & Monitoring. Risk Handling & Monitoring Proactively handle/monitor all...
Week 4 –Risk Handling &
Monitoring
Risk Handling & Monitoring Proactively handle/monitor all Medium
& High risks Beneficial to handle/monitor Low risks
if Low risk rating was recently assigned Considerable development activity
remains Other systems/processes still in
development could affect this issue Final integration & test is not complete
Risk Handling Process that identifies, evaluates,
selects & implements options to set risk at an acceptable level
Goal: Identify appropriate management activities To reduce the likelihood of an event
occurring To reduce the severity of
consequences if event occurs
Risk Handling Actions
Reduce uncertainty as a result of handling actions
Handling actions address Specific events schedules Success criteria
Handling Actions are Proactive
Identify specifically Handling options for each risk event How to deal with the risks if realized When to act Who is responsible Identify cost & schedule impact of
handling actions
Risk Handling Options
Avoidance Assumption Control Transfer
Select based on level of acceptable risk
Selecting Handling Strategy
Evaluate each risk event for Feasibility of handling option Cost & schedule implications of option Potential impact to system technical
performance Consider secondary risk impacts
Inputs to Selecting Strategy Prioritized risk list Causes of each risk Requirements, contract provisions Probabilities of achieving cost &
schedule objectives Potential risk responses Trends in qualitative & quantitative
risk analysis results
Structured Risk Handling
Select risk handling strategy/option
THEN determine the implementation activity Tendency to select activity without
evaluating all options If high risk, may have back-up
handling strategies
Risk Handling Tools
Program risk handling audit Periodic program risk reviews Earned value analysis Technical performance
measurement Additional risk handling planning
Risk Avoidance Eliminates sources of high risk, replaces
with lower risk alternatives Approach
Apply early in program Change concept, specifications, practices Re-evaluate operational requirements
Remove if no strong basis Cost-effectiveness trade-studies
Cost As an Independent Variable (CAIV)
Risk Avoidance Requires understanding of priorities
& constraints May be appropriate to:
Reduce scope to avoid high-risk activities
Add resources or time Use familiar approach vs. untested Avoid a sub with insufficient experience Choose spiral development approach
Risk Avoidance Pitfalls
May discourage life cycle risk management
Using to reduce requirements should be a last resort
Risk Assumption
Acknowledge existence of a specific risk & consciously accept it Risks may be inherent Residual risks - result from other
control actions Best suited for low level risks
Successful Risk Assumption
Contingency plans Identify resources & actions for
overcoming if event happens Have administrative plans/contracts
ready to activate Set aside schedule & cost reserve
If not, may have to lower capability or cancel effort if cannot meet objectives
Risk Assumption Pitfalls Are declaring worst case outcome
as being acceptable level of capability
Difficult to set aside reserve on DoD programs
Requires well-planned monitoring – cannot ignore
Quick reporting of risk event and implementation of actions
Risk Control
Seeks to reduce or mitigate risk Monitors/manages risk
Reduce probability of occurrence Reduce severity of outcome
Most commonly used in defense programs
Common Control Mechanisms
Multiple development efforts Alternative designs Trade studies Prototyping Incremental development Technology maturation Reviews, walk-throughs, inspections
More Control Mechanisms
Design of experiments Open systems Mock-ups Modeling & simulation Demonstration/test events Process proofing
Successful Risk Control
Conduct regular risk reviews Formal agenda Review risks, ratings, prioritization
Audit use of risk control mechanisms
Verify risks are continuously assessed
Risk Control Pitfalls
Control steps require commitment of resources & time
Strike balance between resources req’d and benefit of reduced probability or severity
May increase program costs Potential for secondary effects
Risk Transfer
Reallocation of risk from one part of the system to another or between program entities
System level requirements are still met
Cannot transfer unless recipient has ability to control & manage the risk
Risk Transfer Consideratons
Early in program Net result should be overall reduction
in risk, not just reassignment Valid transfer mechanism – not vengeance Seamless assumption of delegated
activity Not beyond recipient’s ability to handle
Risk Transfer Techniques
In design Modularity Functional partitioning From hardware to software – e.g.,
timing
Risk Transfer Techniques
Between customer & contractor Technology Processing Cost control
warranties performance incentives FFP contracts
Successful Risk Transfer Contractors more suited to accept
risks for Technology Processes
Government better able to affect Funding Schedule External impacts on program
requirements
Risk Transfer Pitfalls
New risk owner lacks ability to handle the risk Either to manage or absorb in
processes Combined risk exposure is not
reduced
Example: Handling Concurrency
What strategies are being used? Insure Adequate Test Resources Are
Available Rapid Corrective Action Process Established Effective Transition to Production Process
Defined Phase Production to Allow for Early Testing Use Modular Designs When Retrofits Are
Expected
Risk Handling Plan Output of risk handling phase Documents the risk actions to be taken
Task descriptions of handling actions Resources required Proposed schedule & relationship to
program milestones Cost impact
Documents ground rules & assumptions
Handling Plan Schedule
Risk Handling Exercise Identify the process steps that should be
taken to develop handling actions for the following to Peace Whey risk events. Select a different handling action for each event.
You have __ minutes for this exercise. Be prepared to present your results.
Tracking id
Criti- cality
Proba- bility
Conse- quence Title Description
R01 H 60% Critical Delay in AJS certification
Weather and test site availablity issues could cause a delay in the Airborne Jamming System being flight certified, delaying further system testing
R02 M 90% Serious Follow-on proposal effort initiated
Key Peace Whey engineers and managers are subject matter experts whose imput is required for successful follow-on proposal effort.
R03 L 40% Minor Increase overhead rates
Loss of business base may increase overhead rates charged against the program in the accounting system causing a reduction in program reserve.
Trade Studies Support functional analyses Allocation of performance requirements Identification of design constraints May be formal or informal
Document formal decisions – e.g., at milestones
Basis for informal engineering choices Cost-effectiveness is a special case
trade study
TS Basic Principles
Criteria are established as the basis for the decision Must have agreed upon approach for
measuring against criteria – why? Results must be easily
communicated to decision-makers
Basic TS Process
Similar to risk management process
Utility Curves Normalize decision factors for comparison Relative factor value as increases across range Shows constant, continuous or stepped values
Decision Matrix Relative values establish weighting
factors for each decision factor
Sensitivity Analysis
Use to determine how solutions change as utility or weighting change Evaluation criteria should be sensitive to
major drivers Involve entire team & customer in
definition process Utility curves & decision matrices are
models – verify, validate, accredit
Trade Study Example Define Study Parameters:
Define decision criteria from requirements, parametric experience, …
Define ranking weights to be used for criteria, ex.0 (not imp.) to 3 (most imp.)
Define range for utility scores, ex. 0 to 10, with 5=exactly meets
Qualitatively or quantitatively evaluate each alternative, assign utility scores
utility
0
1
2
3
4
5
3.85 3.9 3.95 4 4.05 4.1 4.15
weight
uti
lity
+/-
fro
m 'm
eets
'
TS Example
Risk Monitoring Systematically track & evaluate
performance of handling plan Monitor predictors for risk events Monitor status of identified risks Track handling actions Compare predicted to achieved
results Disseminate information Update plan as required
Successful Risk Monitoring Key – Selection of most effective metrics
True state of risk events Status of handling actions
On-going, proactive process Identify new risks & handling options Retire risks as project matures
Keep monitoring progress visible Timely reporting of results An agenda item at management reviews Relate to cost, schedule & performance
objectives
Possible Activities Resulting from Monitoring
Documenting process work-arounds Activating contingency plans Requests for change in program
scope Reassessing risks due to change in
Probability Consequence Program assumptions
Risk Monitoring Outputs Program metrics Technical reports Earned value reports Risk tracking watch list Schedule performance report Critical risk process reports
Establish a reporting frequency
Monitoring
May define color codes for plan tasks
Color Interpretation
Anticipated Probability of
Failure
Blue Task is complete 0%
Green Task is on schedule 10%
YellowTask may not be completed on schedule 50%
RedTask considered non-executable 100%
Monitoring
Status of technical performance measures
Monitoring
Status of earned value cost metrics
Successful Monitoring Attention to risks associated with
program schedule Monitor low risks for changes to status Be aware of trends, continuously
evaluate metrics Indicator system must be accurate,
timely & relevant Recognize project parameters &
assumptions can change
Monitoring Pitfalls Using as a problem solving
technique Ignoring low risks Going on ‘auto-pilot’ Revisit metrics selection for
accuracy, timeliness & relevance Focus on internal environment to
exclusion of external & interface concerns
Risk Monitoring Exercise Identify the process steps that should be
taken to monitor the following to Peace Whey risk events. Relate to the handling actions identified earlier.
You have __ minutes for this exercise. Be prepared to present your results.
Tracking id
Criti- cality
Proba- bility
Conse- quence Title Description
R01 H 60% Critical Delay in AJS certification
Weather and test site availablity issues could cause a delay in the Airborne Jamming System being flight certified, delaying further system testing
R02 M 90% Serious Follow-on proposal effort initiated
Key Peace Whey engineers and managers are subject matter experts whose imput is required for successful follow-on proposal effort.
R03 L 40% Minor Increase overhead rates
Loss of business base may increase overhead rates charged against the program in the accounting system causing a reduction in program reserve.
Next Time: Special Topics
Read Risk Management Guide, sections 5.8, 5.9
Special Topics Software Risk Management Risk Management Tools Commercial vs. DoD Perspective
Final exam, turn in Part II of project