Analyzing and Quantifying Risks


Both established and newer risk analysis tools and techniques are available. The previously discussed tools for analyzing the identified risks are:

  Brainstorming

    1.  Offer risk analysis ideas without judgment or evaluation

    2.  Build on ideas offered

    3.  Repeat until all ideas on risk analysis are exhausted

  Delphi method

    1.  Select a panel of experts (isolated from each other and unknown to one another)

    2.  Prepare and circulate a questionnaire about a risk

    3.  Solicit risk handling approaches and opinions

    4.  Share all responses and statistical feedback with entire group

    5.  Repeat until there is convergence on a consensus approach

New analysis techniques that project managers and teams can use for risk analysis are:

  Sensitivity analysis

    1.  Choose a few variables with a big impact on the plan

    2.  Define a likely range of variation

    3.  Assess effect of changing them on project outcome

  Probability analysis

    1.  Similar to sensitivity analysis

    2.  Adds a probability distribution for each variable, usually skewed to eliminate optimism

  Monte Carlo simulation

    1.  Similar to probability analysis

    2.  Assign randomly chosen values for each variable

    3.  Run simulation a number of times to get a probability distribution for the outcome

    4.  Produces a range of probabilities for the outcome

  Utility theory

    1.  Incorporates the decision maker's attitude toward risk

    2.  Viewed as theoretical

    3.  Represented in "What Is Risk Management" Figure 3

  Decision tree analysis

    1.  Graphical method

    2.  Forces probability considerations for each outcome

    3.  Usually applied to cost and time
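
The sensitivity, probability, and Monte Carlo steps listed above can be combined in one short script. This is an added example, not part of the original article; the three tasks, their duration ranges, and the 55-day deadline are constructed assumptions, and the triangular distribution is one common choice for a skewed estimate.

```python
import random

# Constructed sample plan (not from the article): task -> (optimistic, most
# likely, pessimistic) duration in days, skewed toward overrun on purpose.
TASKS = {
    "design": (8, 10, 18),
    "build": (20, 25, 45),
    "test": (10, 12, 25),
}
DEADLINE_DAYS = 55  # assumed delivery commitment

def simulate(tasks, runs=10_000, seed=1, pinned=None):
    """Return sorted project totals; `pinned` fixes a task at a given duration."""
    rng = random.Random(seed)
    pinned = pinned or {}
    totals = []
    for _ in range(runs):
        total = 0.0
        for name, (low, mode, high) in tasks.items():
            draw = rng.triangular(low, high, mode)  # drawn even if pinned, so runs stay paired
            total += pinned.get(name, draw)
        totals.append(total)
    return sorted(totals)

def prob_on_time(totals, deadline):
    """Fraction of trials that finish on or before the deadline."""
    return sum(t <= deadline for t in totals) / len(totals)

def percentile(totals, p):
    """Duration not exceeded in fraction `p` of trials (totals must be sorted)."""
    return totals[min(len(totals) - 1, int(p * len(totals)))]

def sensitivity(tasks, deadline):
    """Swing in on-time probability as one task moves from best to worst case."""
    swings = {}
    for name, (low, _mode, high) in tasks.items():
        best = prob_on_time(simulate(tasks, pinned={name: low}), deadline)
        worst = prob_on_time(simulate(tasks, pinned={name: high}), deadline)
        swings[name] = best - worst
    return dict(sorted(swings.items(), key=lambda kv: kv[1], reverse=True))

if __name__ == "__main__":
    totals = simulate(TASKS)
    print(f"P(on time) = {prob_on_time(totals, DEADLINE_DAYS):.2f}")
    print(f"P50 = {percentile(totals, 0.5):.1f}, P90 = {percentile(totals, 0.9):.1f} days")
    print("Sensitivity:", sensitivity(TASKS, DEADLINE_DAYS))
```

The sensitivity ranking shows which estimate deserves the most scrutiny before the schedule is committed.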

The analysis techniques lead directly into the quantification of the risk: assigning a numeric value to an individual, cluster, or class of project risk. The project manager must keep in mind the single most critical aspect of risk quantification: all of the numeric values are derivatives of best estimates, also known as guesses. Since the time at which these risks are expected to occur has not yet arrived, there is no certain knowledge of what impact, if any, the risk will really have on the project. The job here is to quantify the relative risk of one compared to many and predict its impact on the project.

Quantification starts with computing the project's exposure to the identified risks through calculation of the risk exposure factor. "What Is Risk Management" Figure 4 represents the risk exposure formula that is applied to each high-priority risk on your project. The formula can be applied to all risks, but in fact only the highest priority risks need the added attention and quantification of risk exposure calculation.

Probability used in conjunction with decision trees provides a mechanism for quantifying the risk of multiple alternatives. For instance, if there is a $100,000 bonus for being early with an aggressive schedule (only 18 percent chance of attainment), but a $250,000 penalty for being late with any schedule (being conservative gives a 90 percent chance of being on time or early), should we pursue an aggressive or conservative schedule?

The decision tree example in Figure 1 shows that by choosing an aggressive schedule the potential for risk is a loss of $180,000, while the conservative schedule shows a loss of only $25,000. In this situation the project manager needs to work on reducing the risk further on the conservative schedule.

Figure 1. Decision Tree Example

Developing and Controlling Risks

The following are examples of key engineering development risks and treatments:

1.   Unrealistic budget and schedule

      o  Track all estimates and actuals; understand the team's performance level;

      o  Understand how all team members' time is spent - there are always overhead activities in any organization;

      o  Don't allow the client to talk you into an unrealistic estimate.

2.  Personnel shortfalls

      o  Plan for training in areas needed for the project;

      o  Establish a learning pattern for team members throughout the project's life;

      o  Cultivate teaming relationships with knowledgeable parties.

3.  Developing wrong capabilities

      o  Insist on meeting with the customer;

      o  Prototype and demonstrate planned approaches.

The project risk management plan will include all the identified risks and mitigation plans where appropriate. The risk response development can handle identified risks in three ways:

1.  Accept - do nothing. Accept consequences in an active or passive fashion.

2.  Transfer. Move the loss to a third party through a contract, get a warranty, or buy insurance.

3.  Mitigate. Reduce the impact or probability by using contingency planning or a reserve, or eliminate the cause by using alternative software development strategies.

Prepare appropriate responses for each risk item by answering these questions:

1.  Who is responsible for the action?

2.  When is the action due?

3.  What is the metric to watch?

4.  What is the metric trigger value?

Table 1 shows a risk response table for the top ten project risks. Each risk has an identifier and a description. The metric value to watch is shown along with the trigger. For each risk, the value exceeds or is equal to the trigger. This type of table should be reviewed on no less than a weekly basis.

Table 1. Risk Response Table

Risk response management requires a regular review of all risks for changes. The top ten risks are reviewed on at least a weekly basis. They may be the same as the risks on the response table, as shown in Table 2. The difference between the two tables is that probability and loss are shown as the components of the risk exposure.

Table 2. Top Ten Software Project Risks

