Friday, April 3, 2009

Risk Analysis - Software projects

All of us in the technology industry know at least one "expert" on projects, who has the tremendous ability to come in after the fact and analyze why that particular project failed..these people are omnipresent, omniscient,all knowing people, and are almost always missing during the onset of the project and during crunch time..

I have met a few omnipresent, omniscient software gurus (OOSGs) in my lifetime, and have been scarred by a few of them. There used to be a time when I was in awe of these OOSGs, and have had conversations such as these :)

Me: Sir, why do s/w projects fail?
OOSG: We don't do a good job of analyzing what could go wrong
Me: But Sir, we did do a "decent" job of analyzing what could go wrong. and we even communicated to the stakeholders.
OOSG: HA! and what did they do?
Me(close to tears): They said that I was complaining and being negative and not a team player!
OOSG: You need a RISK MANAGEMENT PROCESS! Don't you already have one??
Me: Yea, but we don't have time to spend on Risk Management when the project is failing and is in crunch mode!
OOSG: True, True! Oh well, nothing you can do then..you want to buy me a beer and complain a little more??

So, recently I decided to try to put together a simple risk analysis and management process. I came up with something, presented it to management and got their feedback. Funnily enough, it was very well received ..I have tried to reproduce a HIGHLY condensed version of it here..

RISK ANALYSIS and MANAGEMENT

Step 1: Don't think about RISKS!!
Just analyze if any of the classic mistakes apply to your project. Put a check mark against all of them that apply. (Thanks to Steve McConnell's website)

Step 2: Now, think about what might happen to the project as a result of these classic mistakes??
Ha! Now you have your risks.

Step 3: Classify these "risks" as "Highly probable" -> "Not probable" with appropriate classifications along the way.
Do this based on the occurance of the origin of the risk, in other words, the classic mistake. If the mistake has already occurred, there is a high probability of the risk and so on..

Step 4: Analyse what it will take to "FIX" the risk. Throw more people, push the schedule out, get drunk and bitch about it, whatever.

Step 5: How much will step 4 COST?? and plug in the probability of occurrence.

Step 6: Now, Stop!! Take a step back and determine the relative cost of this risk to the overall project cost. Based on this percentage, classify the impact to the project as HIGH, MEDIUM, LOW whatever.

Step 7. Communicate the risks to anyone involved, starting with the causes. If this doesn't get management's attention, get a new job.

Step 8: After a successful project deployment, celebrate with the OOSG and have him buy you the beer!

No comments:

Post a Comment