Page 178 -
P. 178

CHAPTER 6  RISK ANALYSIS AND MANAGEMENT                            149

                              of occurrence. Drivers for performance, support, cost, and schedule are discussed in
                              answer to later questions.
                                A number of comprehensive checklists for software project risk have been pro-
                “Risk management is  posed in the literature (e.g., [SEI93], [KAR96]). These provide useful insight into generic
                project management  risks for software projects and should be used whenever risk analysis and manage-
                for adults.”
                              ment is instituted. However, a relatively short list of questions [KEI98] can be used
                Tim Lister
                              to provide a preliminary indication of whether a project is “at risk.”

                              6.3.1  Assessing Overall Project Risk
                              The following questions have derived from risk data obtained by surveying experi-
                              enced software project managers in different part of the world [KEI98]. The questions
                              are ordered by their relative importance to the success of a project.

                               1. Have top software and customer managers formally committed to support
                ?  Is the          the project?
                   software
               project we’re   2. Are end-users enthusiastically committed to the project and the
               working on at
               serious risk?       system/product to be built?
                               3. Are requirements fully understood by the software engineering team and
                                   their customers?
                               4. Have customers been involved fully in the definition of requirements?
                               5. Do end-users have realistic expectations?
                               6. Is project scope stable?
                               7. Does the software engineering team have the right mix of skills?
                               8. Are project requirements stable?
                               9. Does the project team have experience with the technology to be
                                   implemented?
               WebRef         10. Is the number of people on the project team adequate to do the job?
               Risk Radar is a risk
               management database  11. Do all customer/user constituencies agree on the importance of the project
               that helps project  and on the requirements for the system/product to be built?
               managers identify, rank,
               and communicate project  If any one of these questions is answered negatively, mitigation, monitoring, and
               risks. It can be found at  management steps should be instituted without fail. The degree to which the proj-
               www.spmn.com/
               rsktrkr.html   ect is at risk is directly proportional to the number of negative responses to these
                              questions.

                              6.3.2  Risk Components and Drivers
                              The U.S. Air Force [AFC88] has written a pamphlet that contains excellent guidelines
                              for software risk identification and abatement. The Air Force approach requires that
                              the project manager identify the risk drivers that affect software risk components—
   173   174   175   176   177   178   179   180   181   182   183