WHAT IS RISK

SUBJECT SEMINAR
ON
“SOFTWARE ENGINEERING”
SUBJECT TOPIC
“RISK ANALYSIS AND MANAGEMENT”
Presented by:
ANOOP GANGWAR
SRMSCET, BAREILLY
MASTER OF COMPUTER APPLICATION (5th Semester)
CONTENTS:
What is Risk?
Risk Analysis.
Risk Management.
Methods and tools used in current industry.
Conclusion.
Risk: What is it?
The probability of an adverse
event and the magnitude of the
consequences…
Risk is measurable, objective, and
based on fixed criteria
WHAT IS RISK ?
Risk:
Definition:
* Risk is an event that threatens the accomplishment of one or
more future goals or objectives
* A Risk is described by the likelihood that an event will occur
and the severity of the consequence of that event should it occur.
* Risk is about a possible future event and is often confused
with issues and problems. If the likelihood is certain or near
certain, then it is not a risk
Elements of risk
• Probability (or likelihood, chance)
• Consequences (or impact)
• Uncertainty
• Ability to manage
There must be a potential ‘hazard’ for
risk to exist
Different Types of Risk
• Performance Risk
– Technical risks, normally tracked using technical
performance measures. Inability to achieve technical
requirements.
• Schedule Risk
– Unforeseen delays in completing tasks.
• Cost Risk
– Unforeseen cost overruns, often associated with
performance and schedule risks.
• Project Risk
– The potential of an adverse condition that will cause the
project to not meet customer expectations
So, What is Risk Analysis?
• A systematic way of gathering,
evaluating, and recording information
leading to recommendations for a
position or action in response to an
identified hazard
Why do Risk Analysis?
Before you can manage something
you must be able to measure it
Risk Analysis should:
• Identify hazards
• Characterize risks
• Recognize uncertainty
• Summarize conclusions
• Recommend options
• Document the basis for decisions
Basic Risk Analysis Structure
• Evaluate
– Value of computing and information assets
– Vulnerabilities of the system
– Threats from inside and outside
– Risk priorities
• Examine
– Availability of security countermeasures
– Effectiveness of countermeasures
– Costs (installation, operation, etc.) of countermeasures
• Implement and Monitor
RISK MANAGEMENT
• Risk Management:
» Definition:
Risk management is the formal process of identifying
risks, assessing their magnitude, making decisions
about how to handle them, and then tracking the progress of
the handling approach.
The risk management process
Risk management consists of three essential activities:
1) Risk Identification
2) Risk Assessment
3) Risk Containment
RISK IDENTIFICATION
1) Project Risk
2) Technical Risk
3) Business Risk
RISK ASSESSMENT
Risk Assessment (about “a” risk)
The process of estimating the probability and
impact for each risk
Assigning other relevant attributes to a risk
Risk Analysis (about “all” risks)
RISK CONTAINMENT
There are three main strategies
used in Risk Containment.
STRATEGIES:
• Accept
– Take no action
– Make contingency plans
• Avoid
– Change requirement
– Don’t do …
• Transfer
– Give to someone else better equipped to deal with
risk
– Insurance underwriters
• Mitigate
– Reduce Likelihood
– Reduce Consequence
TOOLS USED FOR RISK ANALYSIS AND MANAGEMENT
Simple explanations of some tools
• Failure Mode Effects Analysis (FMEA)
– Break down large complex processes into manageable
steps
• Failure Mode, Effects and Criticality Analysis (FMECA)
– FMEA that also links severity, probability and detectability to
criticality
• Fault Tree Analysis (FTA)
– Tree of failure modes combinations with logical operators
• Hazard Analysis and Critical Control Points (HACCP)
– Systematic, proactive, and preventive method on
criticality
• Hazard Operability Analysis (HAZOP)
– Brainstorming technique
• Preliminary Hazard Analysis (PHA)
– Possibilities that the risk event happens
• Risk ranking and filtering
– Compare and prioritize risks with factors for each
risk
[Figure: Quality Risk Management Process. Stages shown: Initiate Quality Risk Management Process; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Control (Risk Reduction, Risk Acceptance); Output / Result of the Quality Risk Management Process; Risk Review (Review Events). Side labels: Risk Communication, Risk Management tools. Path label: unacceptable.]