Ankit+Amin+Project+3

=Chapter 14= =Chapter 15= =Chapter 16= =Chapter 17= =Chapter 18=
 * 1) List three risks in establishing a risk management initiative. Assess the probability and consequence of each risk.
 * An initiative is defined by the energy and enthusiasm that is associated with a new beginning. It is also defined by inventiveness and ingenuity, due to the creativity and resourcefulness required to build a new product.
 * The purpose of establishing a risk management initiative is to provide the context for performing risk management that is integrated within the project. Following are risks in establishing an initiative
 * Reviewing requirements from the customer and organization – without the review you would not know what the requirements are and have to be agreed upon by both the parties. Without definite set of requirements, program is destined to fail.
 * Planning for risk management activities –without planning you cannot execute anything. Without planning, program will fail.
 * Allocating resources – the project manager(s) is responsible for allocating resources for the risk management initiative. They can also delegate that task of coordinating training for project participants to encourage their involvement in risk management activities. Without resources you cannot begin the program. You need to have cost, schedule and staffing analysis before beginning the program.
 * 1) Compare and contrast contractual and organizational requirements for risk management.
 * Project requirements are combination of contractual, organizational and derived requirements. Contractual requirements for risk management are often contained in a statement of work (SOW), which typically specifies planning risk management activities and implementing risk management on project. Organizational standards for risk management start with a policy that sets expectations for project behavior. Some requirements are not explicitly stated by are derived from goals and objectives.
 * 1) Explain why risk management is a derived requirement on most software development projects.
 * Derived requirements for risk management can originate from the marketplace, competitive bids, the use of new technology, or system complexity. Risk management is derived requirement from the need to nail the cost, schedule, or technical system performance. Another reason that risk management is a derived requirement is a derived requirement for all software projects is the volatility of the software industry. Software has never been more complex or costly that today’s environment.
 * 1) What would you do if your organizational standard terminology for risk management was different from your customer’s vocabulary?
 * Organizational standard operating procedure should contain requirements for risk management. It should have a consistent use of contractor language. The vocabulary that describes risk management in the SOW is often different from the organizational standard terminology. Contractor as a software producers and customers as software consumers often use different following words to describe similar concepts.
 * Contractor vs. Customer
 * Risk management initiative vs. risk management program
 * Risk assessment vs. risk analysis
 * Probability vs. likelihood of occurrence
 * Consequence vs. impact of risk
 * Risk resolution vs. risk reduction
 * Risk control vs. risk management
 * 1) List three resources that you need to manage risk.
 * Budget
 * All types of requirements including program’s schedule and cost and technical parameters
 * Staffing, training
 * 1) How could you add risk assessment as a line item cost to baseline software risk?
 * Budgeting for risk management activities is the initial investment required for future payoff. Later, mitigation costs are incurred when there is a reason to believe that risk leverage exists. I would add a line item for each risk management activity on the project master schedule and be sure to cost the baseline risk assessment using the assessment method that project budget will support. How much does a risk management initiative cost? The answer is sum total of the budgeted line items.
 * 1) How could you add time for risk management to project meeting agendas?
 * 2) Schedule risk management activities- developing risk management plan, training the people, baselining the risk and verifying risk management practices – on the project master schedule. I would allocate more time on the schedule for a high-risk area to ensure a delivery date. If the budget is inflexible, then I would schedule a lower level of effort over an extended period the time needed to address a high-risk area. I would specifically schedule technical interchange meetings to address risk and incorporate risk issues within project reviews and other meeting agenda.
 * 3) How could you encourage participation from the customer, senior management, and the project team for managing software risk?
 * Ultimately, the project manager is responsible for software risk, but majority of the responsibility to manage risk must be delegated. People inherit responsibility for risk management by their assigned role on the project. One way to coordinate risk management activities is to create a special assignment to the role of risk manager. This role will be filled by a senior technical person but is not required to be a full-time position. Staff risk management activities by involving the appropriate mix of people. Encourage participation from the customer, senior management, and project team.
 * 1) In what way is training for management specific to a project?
 * Training should be specific to the project procedures that are used to implement the risk management plan. There are 2 approaches to get specialized training:
 * Just-enough is a recommended approach for training material that builds on current knowledge. With just enough training, the people will not feel overwhelmed by the amount of information or feel they must become an expert overnight. They should understand there is a developmental path and know where they are on the path.
 * Just-in-time is another important concept. Train the project team so they can apply the concepts immediately. Lectures must be accompanied by exercises that provide practice in applying new methods. There should also be time for answering questions that arise when people practice new methods.
 * 1) Do you agree that destiny is a matter of choice? Discuss why you do or do not agree.
 * I agree. Like the Matrix’s architect said “Problem is the choice”. Depending on the choices we make today affect the outcome in the future. If we choose to ignore the risk management process we will have a project that will be expensive and unmanageable and thus fated to be terminated.
 * 1) In what ways can the risk management plan provide an approach for performing risk management cost-effectively?
 * A comprehensive risk management plan will have: Goals, Strategy, Process, Verification, Mechanisms. Using risk management plan, we do not have to spend time, money and other resources to come up with resolutions for the risks that are documented.
 * 1) Discuss the advantages and disadvantages of a proactive approach to managing risk.
 * Proactive risk management means actively attacking risks. The proactive approach is favorably causing action or change. A proactive approach is for action, not reaction. The plan should describe a proactive approach for acting to assess and control risks. Your project plan can be proactive by establishing a system of rewards for early identification of risks. During a design phase a programmer is focused on the goal and not on the implication of design implementations. This means that he/she will have to go back and redesign if the risk is identified. With that said, if he gets the risk mitigation solution, then he/she can implement the changed at the first go for other component’s design. This will minimize rework if not eliminate it.
 * 1) List five responsibilities associated with the role of project manager. For each responsibility, provide a risk that might occur. Identify the associated interfaces for communicating regarding each risk.
 * Responsibilities
 * Provide project leadership – without proper leadership there can only be chaos! Project is destined to fail.
 * Maintain strategic plan – without strategies we cannot implement any risk resolutions.
 * Budgeting – insufficient funding can lead to cutting corners to meet the milestones without quality and lot of risks.
 * Schedule – insufficient time can also lead to program immaturity.
 * Communication – must communicate will ALL the involved parties.
 * Interfaces
 * Sponsors
 * Contractors
 * Managers
 * System engineering
 * 1) List five responsibilities associated with the role of quality manager. For each responsibility, provide a risk that might occur. Identify the associated interfaces for communicating regarding each risk.
 * Responsibilities
 * Enforce standards and procedures – you have to enforce the standards to help reduce risks and evolve risk management plan. Without enforcing standards and procedures, we cannot and will not be able to id most of the risks.
 * Conduct independent review – This will help improve the risk management plan if done properly and in accordance with the organization’s policy.
 * Communication – must communicate the project quality to management and inform of risks and action items that are opened, in-work and completed.
 * Keeping documentation – without documentation, every effort is pointless. Risk management will cost more and consume more time.
 * Maintain meeting minutes – traceability is essential.
 * Interfaces
 * Project manager
 * Engineering
 * 1) List five responsibilities associated with the role of system engineer. For each responsibility, provide a risk that might occur. Identify the associated interfaces for communicating regarding each risk.
 * Responsibilities
 * Develop concept of operations – need to know the goals
 * Requirement management – without knowing how many and what requirements should be implemented.
 * Communication – Communicate the requirements to management and rest of the teams.
 * Verification and validation – verify and validate the software functionality
 * Documentation – have to supply system documentation to the software team to allow them to design software around system spec.
 * Interfaces
 * Project manager
 * Engineering
 * Contractors
 * Quality manager
 * 1) List five responsibilities associated with the role of software engineer. For each responsibility, provide a risk that might occur. Identify the associated interfaces for communicating regarding each risk.
 * Responsibilities
 * Perform software requirements analysis – need to know the functionality of the software
 * Design – design architecture for the program. Make it readable and understandable.
 * Code – maintain the single coding style. They way you mitigate risk.
 * Peer review – helps spot a problem in design or functionality.
 * Communication – this means identifying any risks and bringing to attention to rest of the team so the resolution can be created.
 * Interfaces
 * System engineering
 * Quality manager
 * Test engineering
 * 1) Do you think the separation of process and plan enables flexibility for change? Discuss why you do or do not think so.
 * The risk management plan maps human resources to project requirements for risk management. An outline for a risk management plan contained within a project management plan (PMP). The PMP describes the budget, schedule, and staffing aspects of project planning for risk management requirements. Plan usually contains following outline:
 * Goals – explains why the project needs risk management requirements, what project expects to grain from use of risk management, and how the risk management plan responds to risk management requirements.
 * Strategy – contains the philosophy and guiding principles of risk management, as well as how people will organize to manage risk.
 * Process – describes a tailored version of the standard risk management process.
 * Verification – shares the evaluation criteria for practice compliance.
 * Mechanisms – describes examples of the methods the project team will use to execute the risk management process.
 * Therefore, I believe that separating process from plan with only hinder flexibility and would add more work of managing more documents.
 * 1) Discuss the advantages and disadvantages of an independent quality audit of the risk management practices to ensure adherence to the risk management plan.
 * Risk management verification is the method to ensure that project practices adhere to the documented risk management plan. Review criteria are specified to set expectations for compliance. The purpose of the review is to understand the activities, agents, and artifacts of the risk management plan to prepare for a compliance audit. An audit procedure verifies whether planned activities to the risk management plan. The audit report is generated to summarize implementation performance and detail any discrepancies against the plan. The report should show if requirements have been achieved and the nature of any non-conformance. An agency that is conducting independent quality audit must be familiar with the organization’s goal and processes. There is no way to measure their knowledge of organization’s goal and processes. They are not involved in actual process implementation so they cannot verify if the process was followed and to what degree of it was applied to a particular risk.
 * 1) Discuss the difference between the goal of minimizing risk and the goal of maximizing opportunity.
 * I would say that there is a relationship between the risk and opportunity. Risk has two components: probability and consequences. Opportunity is found in risks with high probability and consequence. It’s like that old saying, higher the risk, higher the return/reward. When we minimize the risk we also minimize the opportunity and when we maximize the opportunity we carry higher risk with that item. One way to get maximum opportunity is to manage the risk very carefully. Usually during prototyping phase lot of companies are working with high risk items. If they are successful then they get maximize the opportunity and get higher return on investment.
 * 1) Do you agree that success or failure is often determined on the drawing board? Discuss why you do or do not agree.
 * The expression “back to drawing board” comes to mind. Basically, when a plan is created, some decisions are made using proactive approach. But the reality does not always go according to the plan so the choices we make during the implementation decides if we need to go back to the drawing board or press on with tighter risk management. Sometimes we successfully avoid the problem and sometimes we discover a problem during the implantation that can cause the project to fail i.e., inadequate budget, staff, etc.
 * 1) List three ways that tailoring options increase the flexibility of a standard process.
 * Tailoring provides the flexibility required to modify a standard process to adjust for differences among projects. Together, a standard process and tailoring options reduce the risk of developing software that must satisfy different requirements. The standard process provides a common understanding of processes, roles and responsibilities; tailoring provides the advantages of flexibility for disparate projects.
 * The purpose of tailoring the standard process is to define the risk management process for a specific project. Unique aspects of a project are addressed, such as size, budget, and organizational structure. Tailoring the standard process involves reviewing the organization’s standard process and recommending changes to fit a cost-effective process for a particular project. Deviations from the organization’s standard process are documented as waivers. The defined risk management process is peer reviewed, documented approved and distributed to the project team.
 * 1) What are the benefits of a minimum standard risk management process?
 * A defined software process should provide a minimum standard process and tailoring suggestions. A minimum standard risk management process provides a common set of metrics that enable project comparisons. At the organizational level, project comparisons provide visibility into progress so that intelligent decision can be made. Allocation of staff resources among projects is one such decision made at the organizational level. The minimum standard process can be visualized as a process kernel, with the kernel defining the areas that need to be standardized to leverage knowledge between projects. The activities performed within each process can vary between projects if standardization occurs at the process output.
 * 1) List five outputs of the risk management process that you should standardize.
 * Risk statement: The standardization of how to communicate a risk can promote understanding between the project team and the rest of organization.
 * Risk list: The format of a risk that shows the key issues facing a project can help management see common themes to address on all projects.
 * Risk action plan: The attributes of an action plan should be consistent, to promote completeness and reuse of successful plans across the organization.
 * Risk measures: The standard definition of risk measures enable organizational risk metrics and consistent communication to senior management.
 * Risk database: The project risk database should easily merge into an organizational database to retain lessons learned in corporate memory.
 * 1) Give an example of a tailoring option for each process element of the risk management process.
 * Identify risk
 * When to use the risk assessment method
 * When to use the risk appraisal survey
 * How often the project team will meet to identify risk
 * Modification of the identification section of the risk management form
 * Addition of fields in the risk database to support risk identification
 * Implementation of the risk database
 * Who maintains and updates the risk database
 * How to collect risk measures for risk identification
 * Analyze risk
 * How to delegate the responsibility for identified risk
 * Who has the authority for identified risk
 * How to prioritize the risks
 * Modification of the analysis section of the risk management form
 * Addition of fields in the risk database to support risk analysis
 * How to collect risk measures for risk analysis
 * Additional techniques and tools for risk analysis
 * Plan risk
 * How to generate risk action plans
 * Modification of the planning section of the risk management form
 * Addition of fields in the risk database to support risk action planning
 * How to collect risk measures for risk action planning
 * Additional techniques and tools for risk action planning
 * Track risk
 * How to track risk action plans
 * Modification of the tracking section of the risk management form
 * Addition of fields in the risk database to support risk tracking
 * How to collect risk measure for risk tracking
 * Additional techniques and tools for risk tracking
 * Resolve risk
 * How to implement risk action plans
 * Additional techniques and tools for risk resolution
 * Modification of the resolution section of the risk management form
 * 1) 5. Discuss three factors that you can use to describe your project’s need for risk management.
 * Size - your risk is low if your project size is small (fewer than ten people).
 * Budget - your risk is high if your budget is tight or your contract is fixed price.
 * Structure - risk increases as a function of the number of interfaces within the project organization structure. Your risk is high if your project has no organization chart that defines the channels of communication
 * 1) You are responsible for tailoring the standard risk management process for your project. What is your process for determining your recommendations?
 * Project personnel can optimize their risk management process by recommending process changes that provide the following enhancements:
 * A better process is preferred because it is more suitable to the project needs. For example, a method may be preferred because it is familiar and will not require time for training.
 * A faster process takes less time to implement. For example, an automated tool might expedite the process.
 * A cheaper process is reduced in cost. When a process is economical, the return increases.
 * 1) In what ways do you consider your current project to by unique?
 * The current project I was working on required a complete redesign of the software. It involves requiring software functionality expertise from multiple contractors. Each contractor is assigned to do specific job but their jobs are inter-related. Data is being passed between the two contractors. Schedule is really tight both contractors must meet the deadlines for System Integration Testing and final formal testing. Lot of parties are involved: Government, Contractor 1, Contractor 2 and Contractor 3.
 * 1) Discuss what might happen if you could not tailor the standard process.
 * You cannot apply a general process to all the projects. If you do not tailor a standard process then there is a high probability that all the risks will not be identified, assessed, tracked and documented. The process will never mature and ultimately organization’s goals for that project will never be realized and highly probable that the project will fail.
 * 1) List five reasons that you should document the proposed deviations from a standard process.
 * The purpose for the deviations?
 * Who required the deviations?
 * Verification and Validation for deviations?
 * Enable project comparisons
 * Helps support and commitment from the organization management.
 * 1) Do you think a defined software process should permit adjustment to unique project needs? Discuss why you do or do not think so.
 * Yes, I believe every standard process should permit adjustment to unique project needs. Not all projects are same. Each project aspects like budget, schedule, and size vary greatly. Therefore there should be tailoring mechanics for every standard process.
 * 1) Do you think it is important to articulate what we do not know? Discuss the significance of asking questions to become aware of the unknown.
 * The purpose of assessing risk is to understand the risk component of decisions. When we identify and analyze risk, we assess the probability and consequence of unsatisfactory outcomes. Risk assessment is a method for discovery that informs us about the risk. We are better able to decide based on knowing the risk rather than not knowing it. We invest our experience in the attempt to understand the future. By measuring uncertainty, we are developing an awareness of the future. Future awareness is the result of a cognitive thinking process. When we are cognizant, we are fully informed and aware.
 * 1) Explain why the project manager is responsible for delegating the task of conducting a risk assessment.
 * The project manager is responsible for delegating the task of conducting a risk assessment, which provides a baseline of assessed risk to the project. A risk baseline should be determined for a project as soon as possible so that risk is associated with the work, not with the people. By understanding the worst case outcome, we bound our uncertainty and contain our fears. Risk assessment helps take some emotion out so we can deal with the issues more logically. The risk assessment should involve all levels of the project because individual knowledge is diverse. Conducting a risk assessment helps to train the risk assessment methods that will be used throughout the project.
 * 1) List three types of risk assessment methods and describe a situation when each would be appropriate.
 * Identify and assess risks. You can identify and assess risk using different risk assessment methods. Project requirements may call for a less formal or more analytical approach.
 * Train methods. You can use the techniques that you learned during risk assessment training throughout the project.
 * Provide a baseline. You have a risk aware project team and a risk baseline for continued risk management as the result of a risk assessment.
 * 1) Discuss the extent to which sharing information can discover unknown risks.
 * Unknown risks are those that exist without anyone’s awareness of them. Communication helps to discover unknown risk in the following ways:
 * Share knowledge: A team can discover risks by individuals’ contributing what they know. The collective information forms a more complete picture of the risk in a situation. Individuals contribute pieces of a puzzle that they could not resolve on their own.
 * Recognize importance: We sometimes identify risks without an awareness of their significance. Discovering the magnitude of the risk helps in prioritizing it correctly. The passing of time helps us to discover risk importance, but only if we are paying attention. When we are not paying attention, risks turn into problems, when it may be too late to repair the damage.
 * Cumulate indicators: A status indicator that is 10 percent off target is generally perceived as low risk. The summation of a small variance in several indicators can add up to a critical risk. Count the number of indicators exceeding threshold and discover the effect of aggregate risk.
 * 1) List the five steps to categorize risk. What is the value of each step?
 * Clarify. Write the risk statement according to the standard notation. Describe the risk in its simplest terms to refine the understanding of the issue.
 * Consense. Agree on the meaning of the risk statement. Once everyone understands the issues, you should agree on the scope of the issue as written. Agreement is not about the validity of the issue as a risk but about the meaning and intent of the issue as documented.
 * Classify. Select the risk category from a risk classification scheme, such as the SEI software risk taxonomy. If two or more categories describe the risk, the risk may be a compound one. Decompose risks to their lowest level. Note the dependencies that link related risks together.
 * Combine. Group risk statements by risk categories. Roll up all the issues in a category and review them to gain a general understanding of this category by the different perspective documented in the risks.
 * Condense: Remove duplicates and summarize related risks. After you summarize the issues in a logical area, you can easily locate and remove duplicates. Then group related risks with other risks by risk category.
 * 1) Explain the risk drivers that might cause an SEI Level 3 process to degrade.
 * Risk drivers are the variables that cause either the probability or consequence to increase significantly – for example, constraints, resources, technology, and tools. The process and environment can also be risk drivers. These forces cause risk to change over time. For example, your SEI Level 3 process can be reduced to an ad hoc SEI Level 1 process over time due to the risk driver of schedule. You would want to specify the schedule constraint as the risk driver that causes the process to be at risk. Because risks are dynamic, it is important to specify the risk drivers to describe the factors that support risk occurrence. Understanding the risk driver will help you know where to begin to resolve risk.
 * 1) Do you think it is important to communicate risk in a standard format? Discuss how a standard format might make people more receptive to dealing with uncertainty.
 * Yes I think it is important to communicate risk in a standard format. A risk management form for documenting the risk provides a familiar mechanism that structures how we think about risk. The completed risk management form in chapter 15 contains all the essential information to understand the risk.
 * 1) Explain how you could measure risk exposure over time and predict risk occurrence.
 * Once the risk is clearly communicated, an estimate of risk exposure – the product of risk probability and consequence – can be made. The estimate of risk exposure and the time frame for action help to establish a category of risk severity, which determines the relative risk priority by mapping categories of risk exposure against the time frame for action.
 * 1) Discuss how you can use time frame for action to determine risk priority.
 * An evaluation of risk severity in relation to other logged risks determines the actual risk priority and the criteria for risk evaluation should be established. Prioritizing risk provides a focus for what is really important. Your prioritized risk list will be unique to your role on a specific project. In general, the challenges of managing software development can be understood by reviewing the current list of prioritized risks reported by the software community.
 * 1) Do you trust your intuition? Give an example of a time when you did and a time when you did not thrust your intuition.
 * I do trust my intuition for projects that I am very familiar with. For example, when I was working on network intrusion detection software I knew where the risk lies in detecting intrusion. I knew the intrusion system required good set of intrusion signatures to compare against incoming traffic. I knew how the data should be formatted due to the standard for network data representation.
 * I did not trust my intuition when I first joined software for RF signal processing because I never dealt with RF signals before I joined my work. So without knowledge I could not verify that program’s data processing was doing it correctly even though it made a logical sense to me. During testing it turned out that the data was processed incorrectly.
 * 1) Write a progressive five-level scenario that illustrates the importance of prevention in daily life. Use any subject that is routine experience, such as brushing your teeth, driving a car, or saving for retirement.
 * Scenario 1: Do not brush or floss your teeth. Bad breath, lead to losing all teeth or develop serious illness.
 * Scenario 2: Brush your teeth just to brush. Again bad breath, loose all teeth or develop serious illness.
 * Scenario 3: Brush and Floss for sake of saying you cleaned you teeth. May avoid bad breath, may prolong tooth decay.
 * Scenario 4: Brush and floss once a day to really clean your teeth. May avoid bad breath, may mitigate tooth decay or serious illness.
 * Scenario 5: Brush and floss after every meal but at least twice daily. Using proper method for brushing and flossing prevent bad breath, may eliminate tooth decay and prevent serious illness of the mouth.
 * 1) Explain how a risk scenario removes uncertainty. What do you think happens when you state a risk as though it were a known fact?
 * The risk scenario would describe how the risk might be realized. The team would capture information on the sequence of events that could leak to risk realization and then list the conditions that could perturb the risk situation. They would try to understand the significance of risk occurrence. They would also determine when action would need to be taken to prevent problems. Thinking about how a risk could occur provides clues on what is important to prevent it from occurring. By putting a risk as a known fact, it would prompt the team to discuss potential risk resolution strategies. A team should perform risk analysis and improve their analysis, contain overhead, or buy additional resources.
 * 1) Explain that factors that cause decisions to be difficult.
 * Complexity. Are there interrelated issues that cause this strategy to be complex? Are there multiple alternatives that make this decision difficult? Is there a significant economic consideration of selecting this strategy?
 * Uncertainty. Is this strategy high risk? Do the assumptions for choosing this strategy have a high degree of uncertainty? Is the uncertainty based on perceptions of different people?
 * Multiple objectives. Are there conflicting goals associated with this strategy? What are the trade-offs in satisfying the objectives? What are the different motivations for or against this strategy?
 * Different perspectives. Are there alternatives or variations of this strategy that we should consider? What are the different choices that we could make? What conclusions could we make?
 * 1) Do you think it is important to think through all seven risk resolution strategies for a given risk? Discuss why you do or do not think so.
 * Yes, the team must scope the effort for each potential strategy to determine the risk leverage and use the criterion to rank the risk resolution strategies.
 * 1) When would you use a combination of risk resolution strategies? Explain your answer.
 * I would combine the risk resolution strategies that allow me to minimize the impacts to cost, schedule, performance, and customer satisfactions. My decision would be based on organization’s goal and management’s perspective.
 * 1) What triggers might you use to provide notification to execute a risk action plan?
 * E-mail message
 * Team meetings
 * Conference calls
 * Other forms of communication tools.
 * 1) Discuss the importance of training in risk management measures and metrics.
 * Both measures and metrics of risk management effectiveness are needed for reporting on risk status. Risk measures provide objective and subjective data that can be used to indicate the level of project risk. Objective data consist of actual counts of items (e.g., risk identified). These true counts may cause managers to question their subjective understanding and investigate further. Subjective data are based on an individual’s or group’s belief of a condition (e.g., significance of risk). They provide critical information for interpreting and validating objective data. Together, objective and subjective data serve as a system of checks and balances to provide project visibility. Measurements of risk and risk resolution should promote the desired action. For example, proper risk management practices will reward most likely estimates or probability and consequence. Worst case estimates should not be used because they are not as likely to occur.
 * Metrics are the quantitative results of a measure taken by use of a measurement process. A measurement process consists of the activities to define, collect, analyze, report and interpret metrics. Measurement, the use of a measurement process to determine the value of a measure, has limitations that are worth reviewing:
 * Metrics are only as good as the data behind them.
 * Metrics cannot explain or predict anything.
 * Metrics cannot make sense of a chaotic process.
 * No single metric can provide wisdom.
 * Measurement is no substitute for management.
 * Metrics provide a means for monitoring the status of an ongoing project while also providing indications of process improvements for future projects. It is important to have a consistent set of metrics that can be used as status comparisons to previous projects and to reduce confusion on the information represented by the metrics. Reporting risk metrics is effective when the measures are timely, validated, economical, and understandable. Three useful risk metrics are the risk forecast, risk index, and the risk management ROI.
 * 1) Explain the significance of corrective action when you encounter unexpected outcomes.
 * When we encounter unexpected outcomes, we can take corrective action as required. Corrective action is different from risk management, because there is no uncertainty. Corrective action is the specific procedure that is needed to solve a known problem; risk management is a general procedure that is needed to resolve a risk. Risk management is the antithesis of corrective action; where one stops, the other begins. Often the answers to questions lead to further questions. The cycle of risk management and corrective action is as constant as night and day.
 * 1) With the ability to manage risk, you can choose to control existing risk, take on additional risk for potentially higher return, or maximize long-term opportunities. Once you have the ability to manage risk, what will you do?
 * I would control the risk. The software industry will always need risk management. The form of risk management will become specialized, as in other industries. Studying risk management in other fields provides insight into how to apply risk techniques in software development. The maturity of agriculture, medicine, transportation, and financial markets provides a wealth of risk management instruments used to control risk. The common thread in these fields is that risk can be averted through quantifiable insurance. Perhaps when software development is insurable at a reasonable cost, the instruments of software risk management will be mature.
 * 1) Do you think risk is like fire? Discuss why you do or do not think so.
 * Yes, I do think risk is like a fire. If you do not manage it and control it, then it could go out of control and destroy everything like fire. Like California fires, if we did not know how to control them then it would burn everything in its path. Sure it’s difficult but it controlled properly it could have higher return.