university of sunderland comm80 risk assessment of systems changeunit 13 overview of riskit*: the...
TRANSCRIPT
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Overview of Riskit*: Overview of Riskit*: The Method and its TechniquesThe Method and its Techniques **Further information available from www.rdware.comFurther information available from www.rdware.com
COMM80: Risk Assessment of Systems Change
Unit 13
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Objectives of Objectives of Session CoverageSession Coverage
• To understand the fundamental principles of Riskit, and its systems change perspective.
• To understand the distinction between a Method and a Technique
• To discern the link between the method’s framework and the generic risk framework
• To appreciate the range of techniques used and phases when used.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Fundamental Fundamental principles of Riskitprinciples of Riskit
• Aimed at controlling risk during systems development.
• All stakeholders within a project should have input.
• Difficult to evaluate risks quantitatively:– therefore need to cater for qualitative risk
assessment.
• Participant communication is essential.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Method versus Method versus TechniqueTechnique
• Riskit is a method for risk analysis and management. It contains many techniques.
• Methods provide frameworks and procedures (or process models) to follow to help achieve some end.
• Techniques are small scale approaches that enable you to do some small scale task.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Riskit: Part 1Riskit: Part 1
Method
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
The Riskit Method and its Life The Riskit Method and its Life CycleCycle
The focus in typical
risk methods
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Components of Components of Each StepEach Step
• Description:• Entry Criteria• Input: • Output: • Methods and tools: N.B. in the term
defined earlier these are techniques• Responsibility:• Resources: • Exit Criteria:
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk Management Risk Management MandateMandate
•Entry Criteria: • Project planning has been initiated OR Stakeholders
have changed OR Project's overall risk level has changed OR Stakeholders' risk tolerance has changed.
•Input: • Project authorisation information: goals, resources,
schedule, budget. Organisation's risk management
policy and practice.•Output:
• Risk management mandate.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk Management Risk Management MandateMandate
•Methods and tools:• Risk management mandate template.
•Responsibility• Project owner or Project manager.
•Resource: • Project owner or Project manager.
•Exit Criteria: • Risk management mandate documented and
approved.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Goal ReviewGoal Review
•Entry Criteria: •Project planning has been initiated OR New goals or stakeholders have been identified OR A change in goals or stakeholders has been identified.
•Input: •Project authorisation information: goals, resources, schedule, budget. Risk management mandate.
•Output:•Goal Definitions.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Goal ReviewGoal Review
•Methods and tools: •Goal-Question-Metric (GQM), Stakeholder-goal priority table, goal definition template.
•Responsibility: •Project manager.
•Resource: •Project owner, project stakeholders, project personnel.
•Exit Criteria:•Goals are explicitly documented and participants agree with their definition.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk IdentificationRisk Identification
•Entry Criteria: •Project planning has been initiated OR•New goals or stakeholders have been identified OR•A change in goals or stakeholders has been identified. OR•The time interval specified in the risk management mandate has elapsed. OR•A significant change in the project's situation has been detected.
•Input:•Project authorisation information: goals, resources, schedule, budget.•Risk management mandate. Risk checklists: general (e.g. from literature) or organisation specific. Lessons learned from other
projects.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk IdentificationRisk Identification
•Output: •A "raw" numbered list of risks.
•Methods and tools: •Brainstorming techniques, goal and stakeholder driven identification
approaches, meeting aids, interviews.•Responsibility:
•Project manager.•Resource:
•Project personnel, risk management facilitator.•Exit Criteria:
•The marginal yield of risk identification approaches zero even when identification techniques are changed, OR•Time or effort allocated for risk identification runs out.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk AnalysisRisk Analysis
•Entry Criteria: •Potential new risks are identified.
•Input: •List of risk items.
•Output: •A prioritised list of risk scenarios.
•Methods and tools: •Riskit analysis graph, multiple criteria decision making tools (such as Analytical Hierarchy Process), Riskit Pareto ranking technique, risk clustering.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk AnalysisRisk Analysis
•Responsibility: •Project manager.
•Resource: •Selected project personnel, risk management facilitator.
•Exit Criteria: •Participants agree on the priority of the most important risks.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk Control Risk Control PlanningPlanning
•Entry Criteria:•Important risk scenarios have been identified.
•Input:•Partially prioritised risk scenarios.
•Output: •Selected risk controlling actions. Risk monitoring metrics.
•Methods and tools: •Risk element review, Riskit controlling action taxonomy.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk Control Risk Control PlanningPlanning
•Responsibility: •Project manager.
•Resource: •Project personnel, risk management facilitator.
•Exit Criteria:•All selected risk scenarios have been addressed.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk ControlRisk Control•Entry Criteria:
•A risk controlling action has been selected for implementation.•Input:
•Selected risk controlling actions.•Output:
•Implemented risk controlling action. Problems reports if problems arose in implementation
•Methods and tools: •NA
•Responsibility: •Project manager.
•Resource: •Project personnel, external resources as needed.
•Exit Criteria:•Selected actions have been implemented
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk MonitoringRisk Monitoring•Entry Criteria:
•Project has started. The process may be enacted on predefined frequencies.
•Input:•Definitions for risk monitoring metrics. Risk management mandate. Goal definitions. Riskit analysis graphs.
•Output•Status reports.
•Methods and tools•Organisation measurement program or database.
•Responsibility•Project manager.
•Resource•Project personnel.
•Exit Criteria•Project has been concluded or terminated.
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Riskit: Part 2Riskit: Part 2
Techniques
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Steps TechniquesRisk managementmandate definition
Risk management mandate template.
Goal review Goal-Question-Metric (GQM), Stakeholder-goalpriority table, goal definition template.
Risk identification Brainstorming techniquesGoal and stakeholder driven identification approachesMeeting aidsInterviews
Risk analysis Riskit analysis graphMultiple criteria decision making tools (such as AHP)Riskit Pareto ranking technique
Risk control planning Riskit element reviewRiskit controlling action taxonomy
Risk control NARisk monitoring Organisation measurement program or database
Techniques in RiskitTechniques in Riskit
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
FeaturesTechniques
strategic detailed Riskitdefined
generic
Goal-Question-Metric (GQM) Brainstorming techniques Goal and stakeholder driven identification Meeting aids * * Interviews Riskit analysis graph Multiple criteria decision making tools * * (e.g. AHP)
Riskit Pareto ranking technique Riskit element review Riskit controlling action taxonomy Organisation measurement program orDatabase
Summary of Techniques
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Goal and stakeholder Goal and stakeholder driven identification driven identification
Stakeholders
Goals
Stakeholder A
Priority: 1
Stakeholder B
Priority: 1… Stakeholder n
Priority: 3
Goal 1 1 4 … -
Goal 2 2 - … 1
Goal 3 3 2 … 4
… … … … …
Goal m 5 3 … 2
•A simple technique to rank the identified goals within each stakeholder.
•N.B. Comparison cannot be made across rows (or goals)
•Different stakeholders may be of different priority/importance in the project .
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk Analysis GraphRisk Analysis Graph(example from the Riskit Manual)(example from the Riskit Manual)
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
RiskScenario probability
Utility lossRank1
(e.g. almostcertain., 0.9)
Rank2(e.g. very
likely, 0.75)
Rank3(e.g.likely,
0.6).
… Rank n(e.g. almost
impossible, 0.1)
Rank1(e.g.
catastrophic)
Scenario1 Scenario2…
Rank2(e.g. critical)
Scenario4 Scenario3…
Rank3(e.g. severe)
Scenario5 Scenario6…
… … … … … …
Rank m(e.g. minimal)
Scenario7…
Risk scenario ranking:Risk scenario ranking:Using Pareto-efficient setsUsing Pareto-efficient sets
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Risk element reviewRisk element review
University of Sunderland COMM80 Risk Assessment of Systems Change Unit 13
Riskit Riskit controlling controlling
action action taxonomy.taxonomy.