Appleton Greene & Co

Appleton Greene & Co – Risk Management


Dr. Shamsuddin is an approved Senior Consultant at Appleton Greene and he has experience in information technology, management and e-business. He has achieved a Doctorate of Philosophy in Information Technology Management, a Master of Science in Project Management and a Bachelor of Science in Mathematics. He has industry experience within the following sectors: Consultancy; Banking & Financial Services; Technology; Education and Telecommunications. He has had commercial experience within the following countries: Indonesia; Thailand; The Philippines; Malaysia and Singapore, or more specifically within the following cities: Kuala Lumpur; Bangkok; Manila; Jakarta and Singapore. His personal achievements include: maintain risk exposure below budget; risk governance for software development; implement project risk management framework; IT and risk management integration and risk consulting & corporate governance. His service skills incorporate: risk management; project management; bid management; software development and training services.

To request further information about Dr. Shamsuddin through Appleton Greene, please CLICK HERE.


Executive summary


Risk Management

Software development is part of information technology (IT) projects. IT projects use a variety of technological advancements and require high levels of knowledge. Any IT project will involve software development, whether for a standard off-the-shelf application, a custom-built application, or a mobile application. Regardless of the method used to develop the applications, whether PRINCE2 or PMBOK®, they are all part of IT projects. Software development today has the option to use the Agile Scrum method or the most commonly used System Development Life Cycle based on the waterfall method. Regardless of which method you choose, there are a number of uncertainties facing a software project. This uncertainty is known as risk. The success of a software development project depends quite heavily on the amount of risk that corresponds to each project activity. As a project manager, it’s not enough to merely be aware of the risks. To achieve a successful outcome, project leadership must identify, assess, prioritize, and manage all of the major risks. The risks may come from hardware, operating environment, database, network, people, and many other resources that make up the complete software solution. A large number of software projects have failed to meet their intended objectives due to poor risk management. A project is classified as a failed project if it fails on any of the following: delivering within budget, staying within the scope of the project, meeting the delivery schedule, or meeting the quality requirements. Our unique consulting service guides the client project team on the techniques and processes of managing risks for software development projects, regardless of which development methodology you prefer.

The goal of most software development projects is to be distinctive, often through new features, more efficiency, or exploiting advancements in software engineering. Any software project executive will agree that the pursuit of such opportunities cannot move forward without risk. Because risks are painfully real and quite prevalent on all software projects, it’s critically necessary that stakeholders work hard to identify, understand, and mitigate any risks that might threaten the success of a project. For projects that have time and cost constraints, our experience shows most clearly that successful software development efforts are those in which risk mitigation is a central management activity. Very simply, a risk is a potential problem. It is an activity or event that may compromise the success of a software development project. The risk is the possibility of suffering loss, and total risk exposure to a specific project will account for both the probability and the size of the potential loss. Guesswork and crisis-management are never effective. Identifying and aggregating risks is the only predictive method for capturing the probability that a software development project will experience unplanned or inadmissible events. These include terminations, discontinuities, schedule delays, cost underestimation, and overrun of project resources.

We can classify five main risk impact areas for software development projects:

New, unproven technologies: the majority of software projects entail the use of new technologies. Ever-changing tools, techniques, protocols, standards, and software development environments increase the probability that technology risks will arise in virtually any substantial software engineering initiative. Training and knowledge are of critical importance, and the improper use of new technology most often leads directly to project failure.

User and functional requirements: software requirements capture all user needs with respect to the software system features, functions, and quality. Too often, the process of capturing user and business requirements is lengthy, tedious, and complex. Moreover, requirements usually change with discovery, prototyping, and integration activities. Change in elemental requirements will likely propagate throughout the entire project, and modifications to user requirements might not translate to functional requirements. These disruptions often lead to one or more critical failures of a poorly-planned software development project.

Application and system architecture: taking the wrong direction with a platform, component, or architecture can have disastrous consequences. As with the technological risks, it is vital that the team includes experts who understand the architecture and have the capability to make sound design choices.

Performance: it’s important to ensure that any risk management plan encompasses user and project stakeholders’ expectations on performance. Consideration must be given to benchmarks and threshold testing throughout the project to ensure that the work products are moving in the right direction.

Organizational: organizational problems may have adverse effects on project outcomes. Project management must plan for efficient execution of the project, and find a balance between the needs of the development team and the expectations of the customers. Of course, adequate staffing includes choosing team members with skill sets that are a good match for the project.

There are many types of risks facing a project, some of which can be controlled while others need a plan to mitigate them. Prior to managing and controlling these risks, a project team must have the knowledge and experience to identify them at the early stage of the project, whether they are risks that everybody knows about or potential threats that the team has no experience in handling. The project team needs to compute the cost of each of these risks and feed this data into the project budget so the project sponsor and the executive management committee are fully aware of this cost. If the cost of risks is not known, then the projected project profitability developed during the project initiation stage is inaccurate.

Poor risk management, lack of knowledge and experience in the identification and quantification of the risks affecting a software development project, and the shortfall of the required expertise are some of the shortcomings facing IT organizations today. These are the fundamental issues that have contributed toward many failed projects since the early 1990s and are still happening today. Failed projects are projects that do not meet the scope, cost, schedule, and quality requirements defined by the business user.

The objective of performing risk management for IT software projects is to enable your organization to accomplish its mission by:

Better securing the IT software projects that store, process, or transmit organizational information;

Reducing the number of failed projects through the establishment of a risk governance structure for IT software projects;

Implementing project risk management processes that will support the IT project team in the configuration of risks across the respective phases of the software development life cycle;

Enabling management to make well-informed risk management decisions to justify the expenditures that are part of an IT budget;

Assisting management in authorizing the IT software projects on the basis of the supporting documentation resulting from the performance of risk management;

Implementing a structured budgeting framework for IT software projects in order to ensure that all high impact risk activities will be identified for tracking and accounting purposes;

Providing training to the project team, including the techniques of calculating project risks with the aid of a risk management tool;

Identifying each risk and its associated cost, which includes inflation charge, project liabilities, and contingencies;

Monitoring and continuous reporting to the risk management committee.



Service Methodology

The consulting services focus on managing risk for IT software projects that adopt the methods defined in the software development life cycle (SDLC). We shall embed the risk management processes into the SDLC processes, which will allow the project team to act on, monitor and control risks throughout the various phases of the software development life cycle. The SDLC comprises six phases, and the methods used to achieve the service objectives are discussed for each phase below.

The System Initiation phase is the first phase of any software project, where the risks are highest because known and unknown threats are likely to hit the project. The business case and proposed solution developed during the project origination phase are re-examined to ensure that they are still valid and address an existing organizational need. This validation effort provides the project team with the opportunity to discover the list of risks that may arise should the business team decide to proceed with the proposed solution. The primary focus is to develop the initial project plan, produce a preliminary budget, define the scope of the project, and develop a high-level project schedule. At this stage, we shall conduct risk planning activities and develop the risk management plan as the formal framework for risk management activities throughout the rest of the project.

The System Requirements phase is where the needs of the business are captured in as much detail as possible. At this stage, the project manager has completed the definition of some risks based on input from the project business case. The project manager leads the project team to define what it is that the new system must do. By obtaining a detailed and comprehensive understanding of the business requirements, the project team can develop the functional specification that will drive the system design. Investment increases during the System Requirements phase due to the engagement of human resources to develop the project team and to produce the project management plan and project communications plan. During this phase, we shall conduct the risk identification process to identify the list of risks and assist the project team in the development of the Risk Register.

The System Design phase builds upon the work performed during the System Requirements phase, and results in a translation of the functional requirements into a complete technical solution. This phase dictates the technical architecture, standards, specifications and strategies to be followed throughout building, testing, and implementation of the system. The completion of system design also marks the point in the project at which the project manager should be able to plan, in detail, all future project activities including the system testing and system acceptance plan. At this stage, we shall conduct an assessment of all risks using qualitative and/or quantitative techniques to identify the high impact risks, prioritize them and update the risk register. This includes high impact risks and contingencies that will impact development work during the System Development phase.

The System Development phase is where the project team builds and tests the various modules of the application, including any utilities that will be needed during the System Testing and Acceptance phase. As system components are built, they will be tested both individually and in logically related groupings until full system integration testing is performed to validate functionality. We will work with the project team to ensure that the development environment is secure, and that there is no exposure that can be considered a major threat to the environment. The high impact risks identified in the System Design phase will be closely monitored to ensure that they will not cause problems to the development effort. In cases where a particular risk occurs, the mitigation plan will be executed together with the appropriate risk response strategy. The risk monitoring and control activities will be extended into the System Testing and Acceptance phase as part of the validation cycle until the component is accepted by the end user.

System Testing and Acceptance is the phase during which the focus of system validation efforts shifts from those team members responsible for developing the application to those who will ultimately use the system in the execution of their daily responsibilities (the end users). This is the critical phase of the system development life cycle, where all the components of the application are tested together following the system test plan developed during the System Design phase. This process is commonly called system integration testing (SIT). Any component that fails during SIT will be sent back to the development team for rectification, and these components will be re-tested until they are error-free. One of the common risks facing SIT is the execution of testing activities that are dependent upon the result of another test that precedes them. Other risks include the readiness of the SIT environment, migration of test data, the need for the technical configuration of the computer system to be identical to the production environment, and much more. This phase also includes user acceptance testing (UAT), which is the testing of the functional components of the system by the business users. A dedicated UAT environment needs to be installed prior to undertaking user acceptance testing. In addition to confirming that the system meets functional expectations, activities are aimed at validating all aspects of data conversion and system deployment.

The System Implementation phase is the final phase of the SDLC and comprises all activities associated with the deployment of the application to the production environment. These efforts include installation of the system in a production setting and transition of ownership of the application from the project team to the customer. The final process is the closure of the project, which should include contract closure, risk closure, and administrative closure. Contract closure ensures that all of the deliverables and agreed upon terms of the project have been completed and delivered so that the project can end. It allows resources to be reassigned and settlement or payment of any account, if applicable.



Service Options

Companies can elect whether they just require Appleton Greene for advice and support with the Bronze Client Service, for research and performance analysis with the Silver Client Service, for facilitating departmental workshops with the Gold Client Service, or for complete process planning, development, implementation, management and review, with the Platinum Client Service. Ultimately, there is a service to suit every situation and every budget and clients can elect to either upgrade or downgrade from one service to another as and when required, providing complete flexibility in order to ensure that the right level of support is available over a sustainable period of time, enabling the organization to compensate for any prescriptive or emergent changes relating to: Customer Service; E-business; Finance; Globalization; Human Resources; Information Technology; Legal; Management; Marketing; or Production.



Service Mission

To increase the rate of success, particularly for software development projects, through the establishment of the project risk governance structure at the system initiation phase of the software development life cycle.

To introduce and implement a structured project risk and costing framework in order to ensure that all cost drivers will be identified and captured at the end of the system requirements phase of the software development life cycle.

To introduce and implement project risk management processes in the client organization that will support the client IT project team in the configuration of risks across the respective phases of the software development life cycle.

To guide the project team on the techniques of calculating project risks with the aid of a custom-designed tool: how to quantify the cost of handling each of these risks, what the maximum risk is that a project can absorb, and how to balance the risk in order to stay within the project budget.

To guide the project team in the development of the IT Risk Management plan for official tracking and reporting during the system development phase of the software development life cycle.

To ensure that appropriate and continuous monitoring of risk is conducted during the system development and system acceptance phases of the software development life cycle.

Areas of focus for future consulting services:

Provide risk management training to information technology personnel prior to the start of their duties or their participation; these include project managers, project team members, and representatives from the client business team who are involved with projects.

Conduct a client induction program, for all new hires to be deployed on information technology projects, that has a risk education component articulating their duty of care. Ensure that all committee members attend induction and, if possible, attend more comprehensive risk education or training.

Train and coach the client project team in the structured process of defining and computing the risks affecting the project, including labor, material, product licenses, expenses, liabilities, and contingencies.


For More Information

If you would like to find out more about Appleton Greene’s Risk Management service, please CLICK HERE.

Client Telephone Conference (CTC)

If you have any questions or if you would like to arrange a Client Telephone Conference (CTC) to discuss this particular Unique Consulting Service Proposition (UCSP) in more detail, please CLICK HERE.
