Lecture-09
Risk Analysis
Nahida Islam
Lecturer, Department of CSE
What is Risk?
▪ A risk is a potential problem: it might happen or it might not. This is uncertainty.
▪ A risk may or may not happen, which is what makes it uncertain. When a risk does
occur, unwanted consequences or losses follow.
▪ We don’t know whether a particular event will occur or not, but if it does, it has a
negative impact on the project.
▪ For example, a team is working on a project and a developer walks out. Another person
is recruited in his place, but he does not work on the same platform and converts the
project to the platform he is comfortable with. The project still has to yield the same
result in the same time span. Whether the team will be able to complete the project on
time is a schedule risk.
▪ Risk is the probability of suffering loss.
▪ Risk provides an opportunity to develop the project better.
▪ Risk exposure = size (of loss) × probability (of loss)
▪ There is a difference between a problem and a risk.
▪ A problem is an event that has already occurred, whereas a risk is something that is
unpredictable.
Different Types of Risk
1. Project Risk
▪ Project risks arise in the software development process and mainly affect budget, schedule,
staffing, resources, and requirements. When project risks become severe, the total cost of the
project increases.
2. Technical Risk
▪ These risks affect the quality and timeliness of the project. If a technical risk becomes reality,
potential design, implementation, interface, verification, and maintenance problems are created.
Technical risks occur when a problem becomes harder to solve. Technical risks also arise when only
part of the development team is familiar with the software. Technical risks often stem from the
following:
✔ Endless changes of requirements for the software
✔ The technology required for the development is only in its initial stage, with no advanced
technology being available
✔ The project is too complex to implement
3. Business Risk
When the feasibility of a software product is in doubt, business risks occur. Business risks can be
classified as follows:
i. Market Risk
When a quality software product is built but there is no customer for it, this is called
market risk (i.e. no market for the product).
ii. Strategic Risk
When a product is built that does not follow the company’s business policies, the product
brings strategic risk.
iii. Sales Risk
When a product is built but how to sell it is not clear, the situation brings sales risk.
iv. Management Risk
When senior management or the responsible staff leave the organization,
management risk occurs.
v. Budget Risk
Losing the overall budget of the project is called budget risk.
Different Types of Risk
▪ Known risks are those that are identified by evaluating the project plan. There are two
types of known risk:
a. Predictable Risk
Predictable risks are those that can be identified in advance based on past project experience.
b. Unpredictable Risk
Unpredictable risks are those that cannot be guessed earlier.
Negative Impact of Risk
▪ Diminished quality of product
▪ Increased cost
▪ Delayed completion
▪ Project failure
Risk Analysis
▪ It is a systematic process to estimate the level of risk for identified and approved risks.
This involves estimating the probability of occurrence and consequence of occurrence and
converting the result to a corresponding risk.
▪ Risk analysis can be complex, as you will need to draw on detailed information such as
✔ project plans,
✔ financial data,
✔ security protocols,
✔ marketing protocol and forecasts,
✔ relevant information.
Methods of Risk Analysis
Qualitative Analysis
▪ Qualitative risk analysis is the process of rating or scoring risk based on a person’s
perception of the severity and likelihood of its consequences. The goal of qualitative
risk analysis is to come up with a short list of risks which need to be prioritized above
others.
▪ Qualitative risk analysis is best described as a project manager’s first line of defense
against risks. It helps weed out potential detractors to the project’s success, including
risks that are unlikely to cause any severe harm to the project.
▪ By targeting the most dangerous risks first, risk analysis in project management
becomes more efficient and project managers are able to allocate their time and
resources more effectively.
▪ Qualitative analysis allows the main risk sources or factors to be identified. This can be
done, for example, through:
✔ Brainstorming sessions: Brainstorming is a creativity method for developing ideas in a
group. Its essential characteristic is the collection of as many spontaneous utterances in
response to a particular question or problem as possible.
✔ Interviews: Interviews with professionals and other project managers
✔ Checklists: Risk checklists with risk categories and risks
▪ When a qualitative risk analysis is performed, the risk rating can be used as an indication
of the potential importance of risks to the program. It is mainly expressed as low, medium, and
high (or possibly low, medium low, medium, medium high, and high). Let’s take an
example which tells the probability of risks.
Example of Qualitative Analysis
▪ New risk has been identified – Example: When the project began, equipment was in good
condition. The only risk the project manager could identify at the time was the lack of
proper training, as most of the workers did not know how to use equipment safely. The
project manager quickly arranged for the workers to be trained in equipment safety. Yet, as
the workers started to use equipment more frequently, the project manager noticed that it
was no longer in good condition and could malfunction soon.
Quantitative Analysis
▪ Quantitative risk analysis is a numeric estimate of the overall effect of risk on the project
objectives such as cost and schedule objectives.
▪ As part of the overall quantitative risk management process, quantitative risk analysis is
the process of calculating risk based on data gathered. The goal of quantitative risk
analysis is to further specify how much the impact of the risk will cost the business. This is
achieved by using what’s already known to predict or estimate an outcome.
▪ For data to be suitable for quantitative risk analysis, it has to have been studied for a long
period of time or to have been observed in multiple situations. For example, in the past five
projects, equipment type A has broken down after 7 hours of use. With this information, it
can be assumed that if a project requires workers to use equipment type A for 8 hours, then
it has a 100% chance of breaking down.
Example of Quantitative Analysis
▪ Large amount of data on the risk and its impact – Example: In 2020, a construction
company planned on starting a major project in 2021. In preparation for the project, the
construction company began collecting data on the risks they may face, their impact on the
project’s completion, and how much mitigating these risks could cost the company. By
early 2021, the construction company had enough data to perform a quantitative risk
analysis.
▪ Qualitative risk analysis needs to be validated – Example: During qualitative risk
analysis, a project manager scored each risk a 10 on a scale of 1-10, with 10 being
extremely high risk. But the project manager wants to ensure that each risk has an impact
great enough to justify spending time and resources on them.
Quantitative vs. Qualitative Analysis
Risk Management
▪ The project should be managed in such a way that the risks don’t affect the project in a big
way.
▪ Risk management is a methodology that helps managers make the best use of their available
resources.
▪ By using various paradigms and principles, we can manage risks.
Principles of Risk Management
1. Global Perspective: In this, we review the bigger system description, design, and
implementation. We look at the chance and the impact the risk is going to have.
2. Take a forward-looking view: Consider the threat which may appear in the future and
create future plans for directing the next events.
3. Open Communication: This is to allow the free flow of communications between the
client and the team members so that they have certainty about the risks.
4. Integrated management: In this method risk management is made an integral part of
project management.
5. Continuous process: In this phase, the risks are tracked continuously throughout the risk
management paradigm.
Risk Management Process
Risk Identification
▪ The first and probably the most important step is to identify the risk as fast as you
can. In the earlier stages it may be easy to eliminate risks or minimize their impact, but
if you leave them unattended, you may end up in disaster.
Risk Analysis
▪ After you identify the risk it’s time to analyze it. What stage is the risk in? What is the
nature of the risk? What can you do to eliminate it or maybe make a change in your
plan to avoid it? Also you need to assess the consequences of the risk. What will
happen if you continue with your plan without any changes? What are the chances of
the risk materializing into something harmful?
▪ Try to calculate or estimate every possible outcome and weigh everything
accordingly. It’s important to look at both sides of the matter. It’s never a good idea to
avoid each and every risk.
Evaluating the Risk
▪ Risks need to be ranked and prioritized from most severe to lowest level of risk.
▪ Risks that can be catastrophic to the organization are ranked highest while risks that
simply just cause an inconvenience are ranked lower on the list.
▪ By knowing the level of the risk and the impact it will have on the organization,
management knows how best to intervene if and when a series of risks occurs.
Treating the Risk
▪ Once the risks have been analyzed and prioritized, it is time to take action. Every risk
to the organization or the project needs to either be eliminated or contained. If the risk
treatment is done manually, team members need to contact each stakeholder to discuss
the issues.
Monitor and Review Risk
▪ Unfortunately, there are some risks that cannot be completely eliminated and risk
management isn't something that has a start and finish, or end result.
▪ It is an ongoing process within an organization that is constantly changing. The
organization, its environment, and its risks are constantly changing, so the process should
be consistently revisited.
▪ If an organization gradually formalizes its risk management process and develops a risk
culture, it will become more resilient and adaptable in the face of change.
▪ Monitoring risks also allows your business to ensure continuity.
Risk Mitigation, Management, and Monitoring (RMMM)
▪ There are three important issues considered in developing an effective strategy to handle risk:
✔ Risk avoidance or mitigation - It is the primary strategy which is fulfilled through a plan.
✔ Risk monitoring - The project manager monitors the factors and indicates whether the
risk is increasing or decreasing.
✔ Risk management and planning - It assumes that the mitigation effort failed and the risk is a
reality.