views:

186

answers:

4

Do you use risk analyse methods when starting new projects?

I love when fresh ppl start working at the company, they have so much theory they learn and want to implement when they start to work. Risk analysing, project management, coding standards, documentation standards and so on. (Then the reality hits them, most customers will not pay for all this) ;) But still, i really love the fresh winds and new knowledge they carry with them!

The car industry and i assume a LOT of other industys use risk analysis on daily basis when implementing a new feature or whatever they do.

My experience is that the "risk analysing" I have done in the past was to say "this part is a tricky one, I dont know if it gonna work or not" and "If it does not work this way, we can try that way".

Today I used a risk analyse protocol belonging to the car industry, and I was impressed that it after the meeting singled out the one thing in the project that was most vulnerable. And gave a number of how much attention we should give that feature in the program against all other.

Of course we have done this earlier in projects but then its just called, "What can go wrong in this project" or "What is the obstacles in the project?" not a part of a protocoll that can be meassured between projects and analysed with nubers.

So.. I want to know everything you know about risk analysing. Enlight me!

+2  A: 

I've never been involved in a project that did much formal risk analysis. However; we do slightly less formal risk analysis all the time - we're constantly making lists of things that could blow up in our faces, what we're planning to do to prevent the explosion, and what we will do if we're unsuccessful in preventing it, and it happens.

I've been very impressed with the material in Waltzing With Bears: Managing Risk with Software Projects. They offer a very formal risk analysis process, but their analysis and insights are valuable on much less formal risk analysis, as well.

Jared
Thanks for the input, I hope it will be lots more of that. ;)
Stefan
+1  A: 

There are several types of risk that should be taken into account when approaching a project:

  • Risk of not implementing - The risk posed if the project fails, or if the project is terminated
  • Risk of missed requirements - The risk that requirements will be missed
  • Organizational risk - The risk created by any organizational changes caused by the change

Additionally, there are feature specific risks:

  • Integration risk - The risk that integrating a feature will cause the system to stop functioning properly
  • Regression risk - The risk that the feature will cause other features to not work
  • Security risk - The risk that a feature will not provide adequate protection to the system (introduce an exploit)

In terms of analysis, it is important to identify the project risks qualitatively so that the team is aware of these. They are primarily mitigated by communication plans. For the feature specific risks, it is important to identify the specific risks quantitatively. Typically, the architect should document integration and security risks, and the QA team should be responsible for regression risk. I have found that there really are no tools that can do this as well as a good team that communicates well.

Michael Meadows
Do you really do that analyse in live projects or before starting new projects or implementing new functions? Its one thing to "know" and one thing to "do"...My feel is that the risk analyse is not used as a tool, its just guessing what can go wrong and no analysing.
Stefan
Even (or especially) in the more agile methodologies, it is important to understand risk before implementing. If you don't have a handle on your risk, you can't mitigate and will be forced to react instead of plan.
Michael Meadows
A: 

Risk analysis is a fancy way of saying "covering my arse when things go tits up", and as such is an excellent way of dodging blame when things don't work out as planned (which, in software engineering, is pretty much always).

Risk Analysis: Point out all the things that can go wrong, write them up in a pretty .pdf, and send them to your pointy haired bosses.

Fergie
I strongly disagree. A Risk analyse will not be used against a customer. You use it internally to find weak links and to focus on parts of the project where you dont have full control. You can use it to prepere resources and also maybe choose to buy a component when not having knowledge at site.
Stefan
I actually disagree with Fergie and Stefan. In "Waltzing", the authors point out that the responsiblity for manging a risk should fall on the person who would pay the price if it manifests - some should fall to customers, other to internal staff....
Jared
@Jared, it seems like a valid point at first, but i kind of disagree if I understand you right. The work of handling a risk must be owned by the person/team who has the power to reduce the risk. Its no point to give responsibility to someone who has to pay if it occurs but has no power to fix it.
Stefan
+1  A: 

I do risk analysis all the time - both formally and informally (when assessing, for instance, if a bug needs to be fixed).

It's an excellent tool to give appropriate attention to the appropriate issues, avoid paranoia about some aspects of the project (sometimes, we lose perspective and worry about the wrong things), and make difficult decisions when you have limited resources.

It doesn't have to be extremely formal or time-consuming. When you get down to it, our method is simply to ask:

  • "what's the probability of this occurring?"
  • "what's the impact if this occurs?"
  • "how well will we be able to handle the problem?"

You give a score from 1 to 10 to all criteria, multiply them, and take preventive care of risks in decreasing order (we also have a threshold above which a risk is considered unacceptable and must be mitigated).

You might also add a fourth question on how much it costs to reduce the risk at the source (being in the medical industry, we don't: a risk that's considered unacceptable for the patient's health must be lowered, regardless of the cost, or that feature must be dropped)

Kena
Please tell more of how you are using this in the organisation. Ill accept your answer as the "correct" answer, not because of its the only right answer, only for its the first answer that satisfy me. ;) There are more versions and solutions I love to hear so dont let it stop here bacuse of that
Stefan
We do formal risk management reviews at some point during the project - close to the point where the specs will be completely frozen - with all the project's stakeholders. But we also use the tool on a daily basis whenever we have to take a decision that could affect the risk of the project.
Kena