Slide 1

Lecture 4Risk Identification1Meaning of Risk Identification2What is commonly understood as risk identification has two aspects.Firstly we have to pick up risks by locating them where they are hidden.Secondly to recognize the risks, name them, & assign attributes.

Sometimes we see risks but they are masked and escape,At other times we see risks but they are amorphous. Meaning of Risk Identification3One reason for difficulty is Myopia, Our vision is narrow and limited.

In risks identification, we need to see all the avenues, search all processes & consider all factors.

Risk MyopiaMeaning of Risk Identification4Definition:

Risk identification is a process of searching the environment, detecting risks, recognizing their attributes and estimating their consequences

Meaning of Risk Identification5Risks identification results in creation of validated risk list.

The risk identifier tries to give minimum set of risk information, can find more attributes late, for risks analysis.

Well conducted risk identification involves preliminary analysis and add much more value to risk data.Risk Identification Methods6There are two types of risk identification methods:

Type I:A generic, open-ended method. It search in internal & external environment, goes beyond the project and cover the health of entire business.

Type II:Search for risk within a tightly held context and focuses on risks related to delivery. Its a formal method. Risk Identification Methods7Type (I) Risks:

It includes Intuitive methods, are necessary to discovery risks unknown up to now.

Other is History-based methods, put known risk taxonomies & lists to fresh use now.Type (I) Risks:8Intuitive Methods:Mind Mapping,BrainstormingOut-of-the box thinkingAnalogy

History-Based Methods:Top ten risksRisk Check listTaxonomy-based Questionnaire Type (I): Intuitive Methods9Mind Mapping:

At center of risk discovery, we have the mind-mapping process.

Mind recognizes risks symptoms by mapping familiar symptoms to future troubles.Sometime is based on lessons learned or sometimes its innovative.

How mind creates a map? is beyond conventional logical methods.

All be sure is that the enquiring minds finds relations, should they exists?

Type (I): Intuitive Methods10For e.g. PM looks at SRS detects certain kinds of language errors, and suspects that the project may end up in trouble.

He Maps linguistic problems to project delays.

Type (I): Intuitive Methods11Brainstorming: Group thinking, with cross fertilization of ideas, aided with creativity & mind mapping.Is most useful in identifying unknown and hidden risks.

Teams have found more risks than those found by any individual.

The brainstorming sessions can start with well-defined subject & plan to identify risks.

All planning documents and standards provide valuable help to a team so as not to miss the details & yet stay focused. Type (I): Intuitive Methods12Out-of-the-box thinking:

We can see risks, better if we stand out of the box and take an external & holistic perspective of the situation.

The risk identifier must learn to look from new perspectives.

Thinking in terms of alternatives requires creative ability and breaking away from habits and rituals Type (I): Intuitive Methods13Analogy:Experienced people, managed several projects, develop sensitive skills to detect risk.

The known risks are logged somewhere in their brains, all they have to allow mapping between new situation & corresponding situation in the past.

If the two process, familiar and the new, are analogous, risk types may repeat.An advantage that we can also reuse, risk identification methods, their symptoms may be similar.

Type (I): History-Based Methods14Top Ten RisksRisk List published by authors & researchers can play a major supportive role in risk identification. So this can be use as cross-reference document.

Most of the significant risks, can be identified by reviewing the project, from the perspective of published risk lists:Caper Joness software risks Rex Blacks quality risksSEIs risk taxonomy Popular top ten risksType (I): History-Based Methods15Caper Joness software risks:Approaches risk management like diseases, presents a set of risks, or symptoms as medical practitioners identify health risks.Here is a selection of risk from his list:

Artificial maturity levels,Crowded office conditions,Canceled projectsError-prone modules,Corporate politics, Excessive paper-worksCost overrunsExcessive schedule pressureCreeping user requirement,Excessive time to market.Type (I): History-Based Methods16Caper Joness software risks:Jones opened new lines of thinking, by proposing certain sensitive risks. For example:Caper presenting software metrics as major risk in project. As many things go wrong by measuring the wrong factors & missing the right ones.

They include insufficiency, excesses, and inaccuracies.

His list is quite comprehensive , cross-checking your project against this list, could be life-saver.

Type (I): History-Based Methods17Rex Blacks risk list: Rex Black records a set of failures as quality risks.

FunctionalityLoad, capacity & volume Reliability/ stabilityStress, error handling & recoveryDate & time handlingOperations & maintenanceData qualityPerformanceLocalizationCompatibilitySecurity/PrivacyInstallation/migrationDocumentationInterfacesType (I): History-Based Methods18Rex Blacks risk list:

These are quality attributes of product, & play a role in managing the product quality.

They are also known as failure modes according to FMEA(failure mode effects analysis) practice. And become key points for reliability analysis and preventive actions

Type (I): History-Based Methods19SEIs Risk lists:

List published by SEI, under the name of risk taxonomy, is very useful tool for risk identification.

It cover three categories of risk, Product Engineering Risk,Development Environment Risk,An Program Constraint RiskType (I): History-Based Methods20Popular top ten risk:

Risk identified by researchers can be used by project teams to see same risks are present in their own projects.

Risks may not be present in the same form but may be in some other form.

Type (I): History-Based Methods21Risk Checklist:

Organizations collective experience in risk identification is used to design the risk checklists.

The checklist is prepared with symptoms, clues or simply names of known risks.

It is used as a guide to look for risks, having special risk checklist for each phase and process.Type (I): History-Based Methods22Taxonomy-Based Questionnaire:

SEI proposes a taxonomy based questionnaire (TBQ) as a formal & structured way of identifying risks,

SEI claims this methods as effective & efficient, because feedback from all participants.

It appeared that all known and communicated project risks were float up.

Type (I): History-Based Methods23Taxonomy-Based Questionnaire:

Risks are viewed through windows of known risk type, making identification of risks faster & more economical.

The risk identifier can make sure he has not missed known areas. TBQ is a process of guided inquiry.