1.1.1.4 Plan Risk Management

Overview

In this activity, the software project’s approach to risk management is planned and defined, based upon the Software Engineering Institute’s (SEI) Continuous Risk Management Guidebook [SEI, 1996].

Roles and Responsibilities

The project software manager is responsible for planning the risk management activities for the software project.

The software engineering manager and software test manager may be asked to participate in the risk management planning effort.

The software engineering process group (SEPG) members may be asked to serve as risk management consultants or facilitators.

The project manager is responsible for risk management activities for the software project [SEI, 1996].

Controls

SEI’s Continuous Risk Management Guidebook, which describes the risk management process to be implemented.

The Project Plan, which may specify project-level risk management activities with which the software risk management program should be coordinated.

Inputs

The software project organization and resources, which determine how the risk management roles will be assigned.

Procedures

1) The project software manager, together with the software engineering manager and the software test manager, should review the Project Plan to understand any existing risk management policies, methods, or tools. The project software manager must determine if any changes should be made in the SEI’s Continuous Risk Management approach to adapt to ongoing project-level risk management activities. If these are non-existent, the project software manager should meet with the project manager to discuss implementing risk management at the project level. SEPG members may be consulted and asked to serve as risk management facilitators.

2) It is assumed that the risk management approach, as defined in the SEI’s Continuous Risk Management Guidebook, will be implemented on the project. If this is not the case, a Request for Deviation/Waiver (see Appendix C) should be submitted to the SEPG (see activities 2.2.1 Request Deviation/Waiver and 4.1.1 Review Request for Deviation/Waiver).

Risk management roles are assigned based upon the software project’s organization and personnel (see activity 1.1.1.2.1 Identify Software Project Organization). Risk management training is planned and conducted (see activity 1.1.4 Plan And Provide Software Project Training), and risk tracking mechanisms are selected, acquired, and installed (see activity 1.1.1.2.2 Identify Software Engineering Environment). The work breakdown structure (WBS) (see activity 1.1.1.1.2 Develop Work Breakdown Structure), cost estimate (see activity 1.1.1.1.4 Perform Cost Estimating), and schedule (see activity 1.1.1.1.5 Develop Software Schedule) should be updated to include the acquisition of the risk management tracking mechanism(s). The Risk Information Form (see Appendix C) is used to document risks.

3) The software project’s approach to risk management is documented in the Risk Management section of the Software Development Plan (SDP) (see Appendix E).

Outputs

The software project’s approach to risk management is documented in the Risk Management section of the SDP.

The risk management tracking mechanism, which has been selected and installed.