Risks and Configuration

Management
Unit 5
5.1 Risk Management:

 Software Risks,

 Risk Identification,

 Risk Projection,

 Risk Refinement,

 Risk Mitigation, Monitoring, and Management, The RMMM Plan.

What is risk management and why is it important?

 Risk management is the process of identifying, assessing and controlling threats to an

organization's capital, earnings and operations.

 These risks stem from a variety of sources, including financial uncertainties, legal liabilities,

technology issues, strategic management errors, accidents and natural disasters.

Why is risk management important?
Or
What is IT risk management and why is it important for businesses?

 Ans

 With every step that your organization takes to enhance your digital transformation

journey, you are foraying into more risks.

 The more open your business is, the more are enterprise risks involved. Businesses

frequently run the danger of data breaches, technological failures, virus attacks, and

cyberattacks.
 IT Risk management
 The process of identifying, evaluating, and controlling risks to an
organization’s resources and profits is known as risk management. These
dangers can be caused by a number of things, such as monetary
unpredictability, legal responsibilities, technological problems, strategic
management blunders, accidents, and natural calamities.

 A successful IT risk management process takes into consideration the full

range of risks an organization faces. The relationship between risks and the
potential negative cascading effects on the strategic objectives of an
organization are also examined by an organization’s IT risk management
strategy.
What Is Software Risk And Software Risk Management?

Risk is an expectation of loss, a potential problem that may or may not occur in

the future. It is generally caused due to lack of information, control or time.A

possibility of suffering from loss in software development process is called a

software risk
What Is Software Risk And Software Risk
Management?

 Loss can be anything, increase in production cost, development of poor

quality software, not being able to complete the project on time.

 Software risk exists because the future is uncertain and there are many

known and unknown things that cannot be incorporated in the project plan.
What are the different type of sw Risk

 software risk can be of two types

 (a) internal risks that are within the control of the project manager

 (2) external risks that are beyond the control of project manager
what is Risk Identification?
 Risk identification (RI) is a set of activities that detect, describe and catalog all

potential risks to assets and processes that could have negatively impact business

outcomes in terms of performance, quality, damage, loss or reputation.

 It acts as input for actual risk analysis of the relevant risks to an organization.
what is Risk Projection?

 Risk projection, also called risk estimation, attempts to rate each. risk in two

ways—the likelihood or probability that the risk is real and the.

 consequences of the problems associated with the risk, should it occur.

 Risk projection, also called risk estimation, attempts to rate each risk in two ways—the
likelihood or probability that the risk is real and the consequences of the problems
associated with the risk, should it occur.
 The project planner, along with other managers and technical staff, performs four risk
projection activities:
 (1) Establish a scale that reflects the perceived likelihood of a risk.
 (2) Delineate the consequences of the risk.
 (3) Estimate the impact of the risk on the project and the product.
 (4) Note the overall accuracy of the risk projection so that there will be no
misunderstandings.
 Developing a Risk Table

 Risk table provides a project manager with a simple technique for risk
projection.

 Steps in Setting up Risk Table

 (1) Project team begins by listing all risks in the first column of the table.
 Accomplished with the help of the risk item checklists.

 (2) Each risk is categorized in the second column.

 (e.g. PS implies a project size risk, BU implies a business risk).

 (3) The probability of occurrence of each risk is entered in the next column of the
table.
 (4) Individual team members are polled in round-robin fashion until their assessment
of risk probability begins to converge.
 Assessing Risk Impact
 Nature of the risk - the problems that are likely if it occurs.
 e.g. a poorly defined external interface to customer hardware (a technical risk) will
preclude early design and testing and will likely lead to system integration problems
late in a project.
 Scope of a risk - combines the severity with its overall distribution (how much of the
project will be affected or how many customers are harmed?).
 Timing of a risk - when and how long the impact will be felt.
 Overall risk exposure, RE, determined using:
 RE = P x C
 P is the probability of occurrence for a risk.
 C is the the cost to the project should the risk occur.
 RISK REFINEMENT
 · A risk may be stated generally during early stages of project planning.

 · With time, more is learned about the project and the risk

 o may be possible to refine the risk into a set of more detailed risks

 · Represent risk in condition-transition-consequence (CTC) format.

 o Stated in the following form:

 This general condition can be refined in the following manner:

 Subcondition 1. Certain reusable components were developed by a third party with no

knowledge of internal design standards.


 Subcondition 2. The design standard for component interfaces has not been solidified
and may not conform to certain existing reusable components.


 Subcondition 3. Certain reusable components have been implemented in a language

that is not supported on the target environment.
Risk Mitigation, Monitoring, and Management (RMMM) plan

A risk management technique is usually seen in the software

Project plan. This can be divided into Risk Mitigation,
Monitoring, and Management Plan (RMMM). In this plan, all
works are done as part of risk analysis.
As part of the overall project plan project manager generally
uses this RMMM plan.
Risk Mitigation :

 Risk Mitigation :
It is an activity used to avoid problems (Risk Avoidance).
Steps for mitigating the risks as follows.
 Finding out the risk.
 Removing causes that are the reason for risk creation.
 Controlling the corresponding documents from time to time.
 Conducting timely reviews to speed up the work.
Risk Monitoring :

 Risk Monitoring :
It is an activity used for project tracking.
It has the following primary objectives as follows.
 To check if predicted risks occur or not.
 To ensure proper application of risk aversion steps defined for risk.
 To collect data for future risk analysis.
 To allocate what problems are caused by which risks throughout the project

Drawbacks of RMMM:

 Drawbacks of RMMM:
 It incurs additional project costs.
 It takes additional time.
 For larger projects, implementing an RMMM may itself turn out to be another
tedious project.
 RMMM does not guarantee a risk-free project, infact, risks may also come up
after the project is delivered.
5.2 Software Configuration Management

 The SCM Repository

 The SCM Process,

 Configuration Management for any suitable software system

SCM Repository

 The term "SCM Repository" typically refers to a Source Code Management Repository.

It's a centralized location where software developers store, manage, and track changes

to their source code. Popular SCM systems include Git, Subversion (SVN), Mercurial,

and others.
 The SCM repository typically contains the entire history of the project, including all

past versions and changes made by different contributors.

 It's a critical component of modern software development workflows, enabling

teams to coordinate their efforts, maintain code integrity, and easily roll back

changes if necessary.
The SCM (Software Configuration
Management) process

 The SCM (Software Configuration Management) process encompasses the

management of software artifacts, including source code, documentation,

configuration files, and other related assets throughout their lifecycle. Here's

an overview of the SCM process:

SCM process

 Ituses the tools which keep that the

necessary change has been implemented
adequately to the appropriate component.
The SCM process defines a number of tasks:
 Identification of objects in the software configuration
 Version Control
 Change Control
 Configuration Audit
 Status Reporting
 Identification

 Basic Object: Unit of Text created by a software engineer during analysis,

design, code, or test.

 Aggregate Object: A collection of essential objects and other aggregate

objects. Design Specification is an aggregate object.
 Version Control
 Version Control combines procedures and tools to handle different version of
configuration objects that are generated during the software process.

Access Control governs which software engineers have the authority to access
and modify a particular configuration object.
 Synchronization Control helps to ensure that parallel changes, performed by
two different people, don't overwrite one another.