OpenUP/OpenUP_baseline_EN/exported_HTML_1_0/openup/guidances/concepts/risk.html - epf/org.eclipse.epf.nl-libraries - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
 <!-- VERSION rmc:7.1.0 -->
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
 <!-- START NON-TRANSLATABLE -->
 <title>openup&amp;#92;guidances&amp;#92;concepts&amp;#92;&amp;#92;risk.xmi</title>
 </head>
 <!-- WARNING: do not modify the generated comments in this file below this line.  They are used as markers for the import process. -->
 <body>
 Element Name: risk.xmi<br/><br/>
 <!-- END NON-TRANSLATABLE -->
 <br/><br/><br/>
 <!-- START NON-TRANSLATABLE -->
 Attribute: presentationName<br/><br/>
 <!-- END NON-TRANSLATABLE -->
 <!-- START:presentationName,_0bsLgMlgEdmt3adZL5Dmdw CRC: 3644095103 -->Risk<!-- END:presentationName,_0bsLgMlgEdmt3adZL5Dmdw -->
 <br/><br/><br/>
 <!-- START NON-TRANSLATABLE -->
 Attribute: briefDescription<br/><br/>
 <!-- END NON-TRANSLATABLE -->
 <!-- START:briefDescription,_0bsLgMlgEdmt3adZL5Dmdw CRC: 1459999167 -->A risk is whatever may stand in the way of success, and is currently unknown or uncertain. Usually, a risk is qualified by the probability of its occurrence and the impact in the project, if it occurs.<!-- END:briefDescription,_0bsLgMlgEdmt3adZL5Dmdw -->
 <br/><br/><br/>
 <!-- START NON-TRANSLATABLE -->
 Attribute: mainDescription<br/><br/>
 <!-- END NON-TRANSLATABLE -->
 <!-- START:mainDescription,_u6enMMM1EdmSIPI87WLu3g CRC: 1466811396 --><h3>
     What is a Risk?
 </h3>
 <p>A risk is an uncertain event or condition that, if it occurs, will have a negative or positive effect on one or more
 project objectives [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#PMI04" guid="_9ToeIB83Edqsvps02rpOOg">PMI04</a>]. Project risks may be seen as threats or opportunities. The latter means
 that taking a calculated risk may bring, for example, competitive advantage for a product or organization.
 If there are benefits associated with an opportunity, then you can take certain degrees of risk for a project to
 be successful [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#SEI99" guid="_9ToeIB83Edqsvps02rpOOg">SEI99</a>].</p>
 <p>
     In everyday life a risk is an exposure to loss or injury: A factor, thing, element, or course involving uncertain
     danger. Similarly, in software development a risk is something that can compromise the success of a project.
     Examples of potential sources of risk in software development are listed below (see [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#SEI99" guid="_9ToeIB83Edqsvps02rpOOg">SEI99</a>] for more details):
 </p>
 <ul>
     <li>
         Requirements
     </li>
     <li>
         Design
     </li>
     <li>
         Development process
     </li>
     <li>
         Work environment
     </li>
     <li>
         Resources
     </li>
     <li>
         Contract
     </li>
     <li>
         Project interdependencies
     </li>
     <li>
         And so on
     </li>
 </ul>
 <h3>
     Risk Attributes
 </h3>
 <p>
     You can record as much information as you like or need about your risks. You will find a list of common risk
     attributes following.
 </p>
 <ul>
     <li>
         <b>Risk Description:</b> A description of the risk detailing the impact for the project if this risk
         becomes a problem (that is, it becomes a reality).
     </li>
     <li>
         <b>Risk Category</b>: Risk identification is usually more easily done when there is a "mental framework"
         in place to ensure that potential areas of risk are not overlooked. One way of doing this is to divide risks into
         categories (such as technical, project management, organizational, and external), to ensure that all aspects of the
         project which are prone to risk are covered.
     </li>
     <li>
         <b>Risk Type:</b> Used to classify the risk as:
     </li>
     <li style="LIST-STYLE-TYPE: none">
         <ul>
             <li>
                 <b>Direct risk</b>: A risk that the project has a large degree of control over
             </li>
             <li>
                 <b>Indirect risk</b>: A risk with little or no project control
             </li>
         </ul>
     </li>
     <li>
         <b>Risk Probability:</b> How likely the risk event will happen. This is usually represented as a scale of
         values (for example: High, Medium, Low). Probability is one of the most difficult quantities to judge accurately.
     </li>
     <li>
         <b>Risk Impact</b> (level): If this risk becomes a problem, what will the impact on
         the project be? This is not the actual <b>description</b> of the impact, but the <b>level</b> of impact. As the risk
         probability, it is usually represented as a scale. This attribute is also sometimes called the
         <b>severity</b> of the risk.
     </li>
     <li>
         <b>Risk Magnitude</b>: To be able to rank and define which risks need to be mitigate first, the
         <b>Risk Probability </b> and <b>Risk Impact</b> attributes are often combined in a
         single <b>Risk</b> <b>Magnitude</b> indicator represented as a scale similar to the
         combined attributes.
     </li>
 </ul>
 <h3>
     Risk Response Strategies
 </h3>
 <p>
     The risk response should be in line with the significance of the risk. The strategies for handling risk cover two
     main types: negative risks and positive risks (or opportunities). Common response strategies for negative risks or
     threats include:
 </p>
 <ul>
     <li>
         <b>Avoid</b>: Reorganize the project so that it cannot be affected by that risk (for example, removing work)
     </li>
     <li>
         <b>Mitigate</b>: Define actions to reduce the probability or the impact of the risk, removing it from the
         top of the list
     </li>
     <li>
         <b>Transfer</b>: Reorganize the project so that someone or something else bears the risk. It simply
         gives another party responsibility for its management. It doesn't eliminate the risk.
     </li>
 </ul>
 <p>
     Common response strategies for positive risks or opportunities include:
 </p>
 <ul class="noindent">
     <li>
         <b>Exploit</b>: Add work or reorganize the project to make sure that the opportunity occurs (it
         is the reverse of avoid)
     </li>
     <li>
         <b>Enhance</b>: Define actions to increase the probability or the positive impact of the risk
         (this is the reverse of mitigate)
     </li>
     <li>
         <b>Share</b>: Allocate
         the ownership of the opportunity to a third party who is best able to capture the opportunity for the
         benefit of the project.
     </li>
 </ul>
 <p>
     Another response strategy for both threats or opportunities is to <b>Accept</b>: Decide to live with the
     risk, and define a contingency plan.
 </p>
 <p>
     Some scenarios for software development may help to make these concepts more clear:
 </p>
 <ul>
     <li>
         You need to use a new framework. A risk avoidance strategy could be to drop this new framework and use another
         one that is already understood by the team.
     </li>
     <li>
         The application you are developing needs to communicate with a legacy system. A risk transfer strategy would
         be to have the legacy support team be responsible for providing the APIs to access the legacy system.
     </li>
     <li>
         You need to use new middleware. A risk mitigation strategy could be to build a prototype using this new middleware
         to validate that it will provide the features you need for your application.
     </li>
     <li>
         Your integrator is the only one who knows how to integrate the different components of your application. A
         contingency plan could be to identify a resource on another project that you could bring on if your integrator is
         sick, leaves the company, and so on.
     </li>
 </ul><!-- END:mainDescription,_u6enMMM1EdmSIPI87WLu3g -->
 </body>
 </html>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
	<!-- VERSION rmc:7.1.0 -->
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	<!-- START NON-TRANSLATABLE -->
	<title>openup&#92;guidances&#92;concepts&#92;&#92;risk.xmi</title>
	</head>
	<!-- WARNING: do not modify the generated comments in this file below this line. They are used as markers for the import process. -->
	<body>
	Element Name: risk.xmi<br/><br/>
	<!-- END NON-TRANSLATABLE -->
	<br/><br/><br/>
	<!-- START NON-TRANSLATABLE -->
	Attribute: presentationName<br/><br/>
	<!-- END NON-TRANSLATABLE -->
	<!-- START:presentationName,_0bsLgMlgEdmt3adZL5Dmdw CRC: 3644095103 -->Risk<!-- END:presentationName,_0bsLgMlgEdmt3adZL5Dmdw -->
	<br/><br/><br/>
	<!-- START NON-TRANSLATABLE -->
	Attribute: briefDescription<br/><br/>
	<!-- END NON-TRANSLATABLE -->
	<!-- START:briefDescription,_0bsLgMlgEdmt3adZL5Dmdw CRC: 1459999167 -->A risk is whatever may stand in the way of success, and is currently unknown or uncertain. Usually, a risk is qualified by the probability of its occurrence and the impact in the project, if it occurs.<!-- END:briefDescription,_0bsLgMlgEdmt3adZL5Dmdw -->
	<br/><br/><br/>
	<!-- START NON-TRANSLATABLE -->
	Attribute: mainDescription<br/><br/>
	<!-- END NON-TRANSLATABLE -->
	<!-- START:mainDescription,_u6enMMM1EdmSIPI87WLu3g CRC: 1466811396 --><h3>
	What is a Risk?
	</h3>
	<p>A risk is an uncertain event or condition that, if it occurs, will have a negative or positive effect on one or more
	project objectives [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#PMI04" guid="_9ToeIB83Edqsvps02rpOOg">PMI04</a>]. Project risks may be seen as threats or opportunities. The latter means
	that taking a calculated risk may bring, for example, competitive advantage for a product or organization.
	If there are benefits associated with an opportunity, then you can take certain degrees of risk for a project to
	be successful [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#SEI99" guid="_9ToeIB83Edqsvps02rpOOg">SEI99</a>].</p>
	<p>
	In everyday life a risk is an exposure to loss or injury: A factor, thing, element, or course involving uncertain
	danger. Similarly, in software development a risk is something that can compromise the success of a project.
	Examples of potential sources of risk in software development are listed below (see [<a class="elementLinkWithUserText" href="./../../../openup/guidances/supportingmaterials/references_6CCF393.html#SEI99" guid="_9ToeIB83Edqsvps02rpOOg">SEI99</a>] for more details):
	</p>
	<ul>
	<li>
	Requirements
	</li>
	<li>
	Design
	</li>
	<li>
	Development process
	</li>
	<li>
	Work environment
	</li>
	<li>
	Resources
	</li>
	<li>
	Contract
	</li>
	<li>
	Project interdependencies
	</li>
	<li>
	And so on
	</li>
	</ul>
	<h3>
	Risk Attributes
	</h3>
	<p>
	You can record as much information as you like or need about your risks. You will find a list of common risk
	attributes following.
	</p>
	<ul>
	<li>
	<b>Risk Description:</b> A description of the risk detailing the impact for the project if this risk
	becomes a problem (that is, it becomes a reality).
	</li>
	<li>
	<b>Risk Category</b>: Risk identification is usually more easily done when there is a "mental framework"
	in place to ensure that potential areas of risk are not overlooked. One way of doing this is to divide risks into
	categories (such as technical, project management, organizational, and external), to ensure that all aspects of the
	project which are prone to risk are covered.
	</li>
	<li>
	<b>Risk Type:</b> Used to classify the risk as:
	</li>
	<li style="LIST-STYLE-TYPE: none">
	<ul>
	<li>
	<b>Direct risk</b>: A risk that the project has a large degree of control over
	</li>
	<li>
	<b>Indirect risk</b>: A risk with little or no project control
	</li>
	</ul>
	</li>
	<li>
	<b>Risk Probability:</b> How likely the risk event will happen. This is usually represented as a scale of
	values (for example: High, Medium, Low). Probability is one of the most difficult quantities to judge accurately.
	</li>
	<li>
	<b>Risk Impact</b> (level): If this risk becomes a problem, what will the impact on
	the project be? This is not the actual <b>description</b> of the impact, but the <b>level</b> of impact. As the risk
	probability, it is usually represented as a scale. This attribute is also sometimes called the
	<b>severity</b> of the risk.
	</li>
	<li>
	<b>Risk Magnitude</b>: To be able to rank and define which risks need to be mitigate first, the
	<b>Risk Probability </b> and <b>Risk Impact</b> attributes are often combined in a
	single <b>Risk</b> <b>Magnitude</b> indicator represented as a scale similar to the
	combined attributes.
	</li>
	</ul>
	<h3>
	Risk Response Strategies
	</h3>
	<p>
	The risk response should be in line with the significance of the risk. The strategies for handling risk cover two
	main types: negative risks and positive risks (or opportunities). Common response strategies for negative risks or
	threats include:
	</p>
	<ul>
	<li>
	<b>Avoid</b>: Reorganize the project so that it cannot be affected by that risk (for example, removing work)
	</li>
	<li>
	<b>Mitigate</b>: Define actions to reduce the probability or the impact of the risk, removing it from the
	top of the list
	</li>
	<li>
	<b>Transfer</b>: Reorganize the project so that someone or something else bears the risk. It simply
	gives another party responsibility for its management. It doesn't eliminate the risk.
	</li>
	</ul>
	<p>
	Common response strategies for positive risks or opportunities include:
	</p>
	<ul class="noindent">
	<li>
	<b>Exploit</b>: Add work or reorganize the project to make sure that the opportunity occurs (it
	is the reverse of avoid)
	</li>
	<li>
	<b>Enhance</b>: Define actions to increase the probability or the positive impact of the risk
	(this is the reverse of mitigate)
	</li>
	<li>
	<b>Share</b>: Allocate
	the ownership of the opportunity to a third party who is best able to capture the opportunity for the
	benefit of the project.
	</li>
	</ul>
	<p>
	Another response strategy for both threats or opportunities is to <b>Accept</b>: Decide to live with the
	risk, and define a contingency plan.
	</p>
	<p>
	Some scenarios for software development may help to make these concepts more clear:
	</p>
	<ul>
	<li>
	You need to use a new framework. A risk avoidance strategy could be to drop this new framework and use another
	one that is already understood by the team.
	</li>
	<li>
	The application you are developing needs to communicate with a legacy system. A risk transfer strategy would
	be to have the legacy support team be responsible for providing the APIs to access the legacy system.
	</li>
	<li>
	You need to use new middleware. A risk mitigation strategy could be to build a prototype using this new middleware
	to validate that it will provide the features you need for your application.
	</li>
	<li>
	Your integrator is the only one who knows how to integrate the different components of your application. A
	contingency plan could be to identify a resource on another project that you could bring on if your integrator is
	sick, leaves the company, and so on.
	</li>
	</ul><!-- END:mainDescription,_u6enMMM1EdmSIPI87WLu3g -->
	</body>
	</html>