Ankit Amin SSE 674 Project 2

=Chapter 9=
 * 1) Describe how risk management policy is a strategic plan to institutionalize risk management. Identify the risks of documenting a policy that will be supported by the entire organization. What is your mitigation strategy to combat these risks?
 * Policy will help enforce risk management processes. Overall general risk management policies can sometimes be vague, which would allow each team to make assumptions not agreed upon by the program team. Policy will help maintain communication and involvement from all the teams (development, testing and maintenance) throughout the life cycle of the project. To help mitigate risks, I would hold periodic meetings with all the teams to ensure that the risk management plan which has been established is used and improved upon.
 * 2) Do you agree that anyone can influence policy but policy influences everyone? Discuss why you do or do not agree.
 * Yes, I agree. A person who is working at a low level of the project might not be aware of the big picture, so he/she cannot make a decision that might affect the big picture. However, that person’s input should be taken into account during the risk identification and assessment processes. A person who is able to see the big picture is better suited to create a policy based on everyone’s input.
 * 3) Develop a survey that you can give to people that will determine the current risk management practices. Would the survey be different for new business, proposals, projects, and international research and development teams? Explain your answer.
 * Yes and no. There will be similarities among the surveys, but each covers a different discipline. For example, in the new business survey we cannot ask about program configuration management risks because they are more likely to buy software than to produce it.
 * New Business
 * 1) What are your risks?
 * 2) How do you budget?
 * 3) What is your cost for products?
 * 4) What is the return?
 * Proposals
 * 1) Do you know the topic in question?
 * 2) How do you plan to approach a solution?
 * 3) How would you budget?
 * 4) What are your risks?
 * Projects
 * 1) How would you budget?
 * 2) What are your risks?
 * 3) What are the resources?
 * International Research
 * 1) How would you budget your research?
 * 2) What are your bottlenecks?
 * 3) What are the resources?
 * Development Teams
 * 1) How would you budget your project?
 * 2) What are your risks?
 * 3) What are the resources?
 * 4) Discuss the concept of commitment. Why is commitment important for long-term success? Give three ways that commitment is demonstrated in an organization from the top-down and three ways that commitment is demonstrated from the bottom-up.
 * Obtaining commitment is the first step in developing a policy for risk management. Commitment is demonstrated top-down when the administration allocates resources to a task and bottom-up from the employees who support the task. Commitment is what it takes for long-term success in changing or developing an organizational culture. When we are committed, we understand that it is our duty to see the task through to completion. Commitment strengthens as progress is made toward goals. It is based on trust and faith that the goal is worth the effort. Closer to the goal, our commitment is based on knowledge and understanding that we did the right thing. Institutionalization depends on the level of commitment over time. Change occurs when there is a top-down and bottom-up commitment. Figure 9.1 shows that the commitment process starts from Contact, then moves to Awareness, then to Understanding, then to Trial use, then to Adoption, and finally to Institutionalization.
 * 5) What is a risk ethic? What do you think is the significance of fostering a risk aware culture?
 * A risk ethic is the rules of conduct that characterize a proper risk management philosophy. I believe there is significance in fostering a risk aware culture. The benefits of nurturing a risk ethic are demonstrated by organizations that have achieved success through diversification and individual responsibility. The open communication of risk helps an organization to resolve risk, avoid problems, reduce rework, and provide focus.
 * 6) What is the point of involving opinion leaders in organizational change? Identify five risks of dictating an organizational policy on software risk management. Discuss the probability and consequence for each of the identified risks.
 * Opinion leaders influence others because they are vocal about their beliefs. Involving them late in the policy definition process is a mistake because we will soon ask them to approve policy without their input. Following are some risks of dictating an organizational policy on software risk management:
 * Grocery list of requirements (incomplete set of requirements) – The start of the project is wrong. It will guarantee a lot of cost for future rework.
 * No communication channels – cannot manage risk mitigation plans, no traceability to requirements, and no way to verify the solution.
 * Budget overrun – project doomed to be expensive and most likely to be terminated.
 * Schedule overrun – project doomed to spend more money.
 * Staffing – project will not be properly staffed with subject matter experts.
 * 7) Write a risk management policy for NASA. Write another risk management policy, this time for Microsoft. Compare and contrast the two policies.
 * NASA will be more concerned about the safety of all the entities involved in the mission. In addition, their software will have a low probability of failure. Hence the following policies:
 * Safe return of all personnel
 * Ensure aircraft integrity
 * Ensure software robustness
 * Update all the technical documents in the ship
 * Ensure back-up support system
 * Microsoft will be more concerned about continuing business with moderate software quality. Hence the following policies:
 * Make programs such that customers require constant updates
 * Maintain and follow software development processes
 * Maintain software configuration process
 * Train new employees in processes
 * Buy out competition which has a better product and incorporate it into Microsoft
 * 8) Write a risk management policy for your organization. Discuss how the terminology reflects your environment.
 * Policy:
 * All the teams (development, testing and maintenance) should be involved in software development processes. The government’s risk management processes shall be utilized by all the contractors at the start of the project.
 * The policy will ensure that the risk management process used by all the contractors is the same. In addition, it will include all the teams over the life cycle of the project. This will also help improve our risk management processes if any inconsistencies are found.
 * 9) People communicate through vocabulary. Underline and define the important terms used in a risk management policy.
 * Must adhere to the policy
 * Must take proactive approach to managing risks
 * Maintain documentation, database and communication with management.
 * 10) You are an engineer working on a large software development. The project schedule is slipping due to technical problems. Management does not appear to know how to change this situation. You have been inspired to make a difference for your project. What will you do? Explain the difference your actions can make for your project.
 * Gather the following information regarding the technical problems
 * Identify the source
 * Risk assessment, including the cost to fix now vs. later, and implement the risk plan if there was one
 * Risk mitigation plan’s progress
 * Documentation of the risk and its solution
 * Inform the management with the documentation, get my opinion on what should be done, and give my opinion on how to get back on schedule during other phases. For example, performing System Integration Testing starting in the middle of Software Integration Testing phase.
 * After the information has been given to management, they can tell me whether they would prefer to meet the old deadlines or new ones. If they decide the schedule is more important than the cost, they would just decide to get the software regardless of its quality.

=Chapter 10=
 * 1) Symbolic metaphors help you gain different perspectives. Discuss how a defined standard process is like the script of a play. Explain how you would improve the standard process “script” on a specific project.
 * A standard process is a minimum set of procedures defined and approved for use by an organization. It is a process that lists what roles and responsibilities are assigned to whom. They generically state how a function should be performed. I would give generic processes, but the actual process can be altered for a specific system. For example, I can give generic information on how to do configuration management but I cannot specify which tools to use. The tools will depend heavily on the system.
 * 2) Define the process of process improvement. Include an organizational, action plan, and process notation. Explain how this process helps project teams.
 * The process improvement process is defined by the organization’s software engineering process group. For example, every organization has a standard process for process improvement, but as you go down the organization, it is discovered that each department has a more specific improvement process defined for its particular system. The process improvement process helps improve current processes, therefore allowing the overall risk management process to mature over time.
 * 3) Discuss the concept of diversity on process action items. List the advantages and disadvantages of working in a cross-functional team environment.
 * The risk management process action team should have cross-functional membership because the diversity of various engineering and management disciplines provides a wealth of experience the team can draw on.
 * Advantages:
 * 1) Team collaborates. Collaboration occurs when two or more individuals with complementary skills interact to create a shared understanding that none had previously possessed or could have come to on their own.
 * 2) A team is brought together to achieve specific goals and it is committed to achieving those goals.
 * 3) As the task evolves, the team roles also evolve. Consensus is the decision-making process of a mature team.
 * Disadvantages
 * 1) Groups communicate. Communication is the exchange of thoughts and information. Groups do not possess diversity of disciplines.
 * 2) Engineers usually do not concern themselves with budgeting a project. They are keen only on solving problems.
 * 3) Groups do not have the big picture due to the lack of diversity; thus, they never mature.
 * 4) What is the key to establishing an effective team? What is the difference between a group and a team? Do you think it is difficult to sustain a high-performance team? Discuss why you do or do not think so.
 * The key to establishing an effective team is understanding three important team concepts:
 * 1) A team is not a group. Groups communicate; teams collaborate. Communication is the exchange of thoughts or information. Collaboration occurs when two or more individuals with complementary skills interact to create a shared understanding that none had previously possessed or could have come to on their own.
 * 2) A team is task oriented. A team is brought together to achieve specific goals, and it is committed to achieving those goals. Team members have a sense of shared purpose.
 * 3) A team matures over time. As the task evolves, the team roles also evolve. Consensus is the decision-making process of a mature team.
 * High-performance teams have been created by beginning with an innovative workshop that trains in the basics of teamwork, problem-solving methods, and using data to achieve a goal. I believe that sustaining a high-performance team is hard initially but as the team matures, it becomes easier to sustain it. Everybody has their own way of making friends, for some it is quick and for others it is a long process. However, with time, everything matures and eventually working on the team becomes fun, committed, and empowered.
 * 5) One way to clarify team goals is to ask team members to assess the risks of success. Identify and prioritize five risks of defining the organization’s standard risk management process. Describe a mitigation strategy for each identified risk.
 * Reduce bureaucracy - Remove unnecessary approval cycles and paperwork.
 * Eliminate duplication - Remove steps that are repeated.
 * Add value - Assess whether the activity serves the customer’s requirements.
 * Minimize errors - Make it difficult to introduce an error during the activity.
 * Standardize - Select a single best way to do the activity.
 * 6) What does it mean to “level the playing field”? Do you think it is important for an action team to do so? Explain your answer.
 * To level the playing field means that everyone shall begin work with a common understanding of the vocabulary that will be used. I believe it is extremely important for an action team to do so because the basic knowledge required to execute the action plan is established. Everyone will start off with process definition and risk management concepts, so members will be able to identify and assess the risk and bring it to attention.
 * 7) Compare and contrast two process-design methods. You may select IDEF0, ETVX, the 3 R’s, or another method. Discuss which process design method is best, and why. Can you design a hybrid method that would be better? If so, what improvement would your approach have over the current best method?
 * I will describe the IDEF0 and 3 R’s methods. If I had to design a hybrid model, I would choose to combine the IDEF0 and 3 R’s models to give specific inputs to specific roles and specific responsibilities to a particular role.
 * IDEF0 process: Process elements are described using inputs, outputs, control and mechanisms.
 * 1) Process elements are connected to make a more complex process definition.
 * 2) Using IDEF0 is systematic and easily understood and implemented.
 * The 3 R’s: Role, responsibility and resources are the 3R’s described by a business engineering approach developed by David Taylor.
 * 1) Customers and suppliers both internal and external are addressed.
 * 2) Based on modeling roles that encapsulate responsibilities and resources associated with the role.
 * 3) Solutions are developed from recursive design, construction and test of requirements mapped to responsibilities and resources.
 * 8) Discuss how scope relates to action team success. List five ways the scope of process definition can be adjusted to increase the chance of action team success.
 * To properly scope the team’s work, the team should consider the risk of defining scope incorrectly. A procedural change has a narrow scope. A change that is structural has a broad scope. The degree of change is radical. Sometimes there is a large degree of desired change from “as is” to “should be”. We may start with a clean sheet of paper to define a new process. The philosophy may be, “We know what does not work”. The risk is higher, but the reward may be greater. A product scope review checklist can be used to ensure the completeness of the following work products:
 * Draft outline - Define the outline like a table of contents that contains the topics in the order that they will be covered. Describe the goal, objective, purpose, and context.
 * Product scope - Define the process as a “black box”, with input and outputs only. Define the process entry criteria and prerequisite conditions or products needed to start the process. Define the process exit criteria and verification criteria needed to end the process.
 * Process diagram - Draw the process using the standard process notation.
 * Outline – Critical activities are identified
 * Scope – the scope of the process is not too narrow or too broad.
 * Entry criteria – the inputs are identified
 * Exit criteria – the outputs are identified
 * Roles – Roles and responsibilities for the activities have been defined.
 * Requirements – The process will satisfy the planned goals and objectives.
 * 9) Describe the not-invented-here syndrome. List three possible consequences of this syndrome with respect to a standard process definition. Explain how extensive review of the draft standard process helps to avoid the not-invented-here syndrome. Discuss other ways to prevent the not-invented-here syndrome.
 * The purpose of defining a standard process for an organization is to own the process and thus avoid the “not-invented-here” syndrome. Taking some time to define the standard process will help reduce the cost of coming up with a process for all the systems. When the standard process is in place, multiple systems can use the standard process and can modify sub-sections of the process to adapt it to their system.
 * The process is evaluated in the following areas:
 * Implementation of approved organization policy
 * Compliance to action plan
 * Compliance to product standards
 * Closure of action items
 * Overall quality and usability
 * 10) What is the advantage to a project if its organization has a reusable risk management process? Estimate the cost savings to the project in terms of budget, schedule, and staff resources.
 * One of the major advantages is to save time, money and staffing by avoiding “reinventing the wheel” situations. This will allow the project to transition faster from planning to execution to testing and fielding stages.

=Chapter 11=
 * 1) Do you think risk management is important?
 * I think risk management is extremely important in any discipline i.e., from work to home to everyday situations. Preparation is the key to implementing risk management successfully.
 * 2) Explain the order of the risk management building blocks. Discuss what each training module provides as a foundation to prepare for the next building block.
 * The following training modules provide risk management instructions:
 * Risk management concepts
 * Risk assessment methods
 * Risk management process
 * Risk management measures
 * Proactive risk management
 * 3) Describe the five themes for the progressive increments of risk management vocabulary. Which term from each increment best represents this theme? Discuss how each group of terms supports this theme.
 * Risk management concepts.
 * Crisis management, loss, rework, risk, and uncertainty.
 * Risk assessment methods.
 * Acceptable risk, choice, consequence, decision, estimation, evaluation, probability, risk assessment, risk checklist, risk exposure, risk identification, risk list, and risk management.
 * Risk management processes.
 * Causal analysis, corrective analysis, diversification, proactive, process, risk action plan, risk analysis, risk category, risk context, risk database, risk drivers, risk management plan, risk planning, risk resolution, risk statement, and risk tracking.
 * Risk management measures.
 * Cost-benefit analysis, measurement, metrics, quantitative targets, risk forecast, risk index, risk leverage, risk preference, risk scenario, ROI, threshold, trigger, and utility function.
 * Proactive risk management.
 * Creativity, opportunity, opportunity cost, problem preservation, risk control.
 * 4) How can you determine the stage of learning your audience is in with respect to a given risk management training module? What is the likelihood that your students are in different stages of learning? How can you accommodate diverse abilities in a single classroom?
 * There are 4 stages of individual learning:
 * Unconscious inability
 * Conscious inability
 * Conscious ability
 * Unconscious ability
 * The trainer should be sensitive to the current learning stage of the target audience. If people understand that the stages of learning are normal and universal, they will be able to articulate the stage they can associate with.
 * 5) Which instructional techniques do you prefer? List the techniques you will use to ensure that all your students will learn.
 * There are 4 instructional techniques:
 * Contest, demonstration, game, project and show
 * Composition, demonstration, drill, quiz, recitation and test
 * Composition, lecture, project, report and test
 * Discussion, game, group project, interaction, show and simulation
 * I prefer the growth of knowledge and skills technique to ensure that my students will learn.
 * 6) Compare and contrast breadth and depth of training material. Give an example of each in risk management training.
 * I need to fit the training material to the time constraint, which undoubtedly will require a trade-off between breadth (covering more material at a higher level) and depth (covering less material in more detail). Following are 4 examples of risk management training:
 * Growth of spontaneity and freedom
 * Growth of responsibility and utility
 * Growth of knowledge and skills
 * Growth of identity and integrity
 * 7) Discuss the utility of training metrics. In your opinion, what is a good training metric for high-quality instructor-to-student ratio?
 * The metrics, like in Table 11.3 on page 188, help refine the training plan by applying rules of thumb. These guidelines have been proved effective through historical data obtained from one-day risk management training seminars. I prefer the training matrix presented in Table 11.3 for high-quality instructor-to-student ratio.
 * 8) List five ways that you can add emotion to your voice when you speak.
 * Have something good to say
 * There is no substitute for preparation and research of training material
 * Say it well
 * Practice the timing of the material so that you make each point with brevity and clarity
 * Read your audience
 * Notice the reaction of your audience to what you are saying.
 * Use words with emotion
 * Inflection in your voice provides clues to your audience.
 * Identify with your audience
 * Begin with the level of your audience.
 * 9) Do you think it is important to review students’ expectations at the end of training? Discuss why you do or do not think so.
 * Set appropriate expectations by reviewing this list and explaining what will and will not be covered. Periodically you can review these expectations to be sure that each topic will be covered by the end of the session. At the end of the session, review these expectations with your audience to show that each topic was addressed. Be sure to call for questions at the end of each training segment to encourage participation. Training evaluations help you improve future training sessions and performance. Training evaluation should ask the students to rate and comment on their assessment of training in the following areas:
 * Value of training content
 * Speaker presentation skills
 * Training facilities
 * The part of training I liked best
 * 10) Are you ready to manage risk? If so, how have you prepared to manage risk? If not, what will you need to be prepared?
 * From the course of this material and work, I believe I am ready to implement a risk management plan. I have a general roadmap of how to implement a risk management plan. In fact, I have been using the general standard process defined by my organization to create a risk management plan. The topics covered in this book so far also give me insight on how to look for process improvement opportunities and mature our organization’s standard process and risk management plan.

=Chapter 12=
 * 1) Compare and contrast reactive and proactive quality assurance.
 * Reactive quality assurance is aimed at detecting and correcting problems that already exist, whereas proactive quality assurance requires an emphasis on cause-effect knowledge, risk analysis, experience and judgment to justify action. A proactive approach can lead to accelerated development cycles and avoidance of losses, advantages that contribute toward quality for the customers and thus yield a more productive environment. An important customer of proactive quality assurance practices is project management.
 * 2) Discuss why productivity is meaningless unless you know what your goal is.
 * Well, any productivity is meaningless if you cannot quantify the results. Managing risk allows us to do just that. This intermediate objective is necessary to overcome the obstacle of a faulty plan or deficient practices. The objective of verifying compliance is to determine improvement potential to the plan and of the practice. The distinction between verifying compliance and improving process is the difference between short-term and long-term advantage. In the beginning of a project, “verify compliance” precedes “improve process”. We cannot improve a process that has not been adequately planned or implemented correctly.
 * 3) Explain how verifying compliance of practices to plans is a way to engineer quality results.
 * The first step in verifying compliance to risk management practices is to review the risk management plan in order to understand the activities, agents, and artifacts of the plan to prepare for a compliance audit. Activities are the risk management practices expected to be performed by the project personnel. Agents are the project roles with responsibility for risk management activities. Artifacts are the expected outputs produced by performing risk management.
 * 4) Explain why you must verify risk management implementation before you improve the risk management process.
 * A process on paper is generally a lot different from one executed in reality. A process has to be implemented to discover its shortfalls. This will also help in verifying compliance and maturing the risk management plan and standard process.
 * 5) List five artifacts of performing risk management.
 * Completeness
 * Do the contents consider all aspects of risk management? Use an outline of a risk management plan as a checklist. Initial the checklist when the plan is complete with respect to the major sections of the outline.
 * Understandability
 * Is the plan easy to read and comprehend? Perhaps a glossary is necessary so that new employees or subcontractors can interpret the plan as intended.
 * Level of detail
 * Is the level of detail sufficient to execute the plan? A detailed plan specifies what will be done, when, by whom, and how much it will cost. If these aspects of the plan are not clear, the plan needs additional detail.
 * Consistency
 * Is the plan ambiguous? Look for any contradictions that would confuse the implementation of the plan. For example, inconsistent terminology in the plan can cause people to have difficulty communicating about risks.
 * Realistic
 * Is the perspective of the plan practical? Any plan that claims, “Everyone on the project will continuously perform risk management”, is not realistic. Check for altruistic statements that lack common sense.
 * 6) In your opinion, what are the attributes of a high-quality risk management plan?
 * If we want a high-quality software system, we must ensure that each of its parts is of high quality. Auditing agents and artifacts will help to uncover potential problems. Quality assurance is responsible for auditing the quality actions of agents (e.g., project personnel) and alerting management to any deviations. Quality assurance is responsible for auditing the quality of artifacts (e.g., process evidence) to ensure management that the work is performed the way it is supposed to be.
 * 7) Do you think that quality assurance professionals can be effective when they do not report through an independent chain of command? Discuss why you do or do not think so.
 * Because of the human factor, independent checks are necessary. Quality assurance can be effective when competent professionals report through an independent chain of command and support the development of product quality. By having an independent review, we can have a separate eye inspecting the process and quality of the product. Quality assurance monitors its own organization to ensure that established standards and procedures are followed.
 * 8) List five responsibilities for the project role of quality assurance.
 * Do you have or have you read the risk management plan?
 * Do you know where the risk database is?
 * Do you have any risks assigned to you for mitigation?
 * What is your mitigation action plan?
 * What are the thresholds for your risks?
 * 9) Discuss how to ensure the compliance of quality assurance practices.
 * There are 3 industry and government standards that require quality audits: ISO 9001, MIL-STD-498, and SEI CMM.
 * ISO 9001’s purpose is to externally perform quality assurance. The guidelines for the application of ISO 9001 to the development, supply, and maintenance of software are detailed in ISO 9000-3. This standard is for use when you must ensure conformance to specified requirements during design, development, production, installation, or servicing.
 * MIL-STD-498’s purpose is to establish uniform requirements for software development and documentation. This military standard implements the development and documentation processes of ISO/IEC DIS 12207. This standard requires software quality assurance as ongoing evaluations of activities and resulting products to ensure that each activity is being performed according to the plan. It requires that the persons responsible for ensuring compliance with the contract shall have the resources, responsibility, authority, and organizational freedom to permit objective software quality assurance evaluations and to initiate and verify corrective actions.
 * SEI CMM’s purpose is to describe the key elements of an effective software process. It describes an evolutionary improvement path from an ad hoc, immature process to a mature, disciplined process. It also describes the auditing process of software quality assurance at Level 2. It also verifies compliance with applicable procedures and standards and provides the software project and other appropriate managers with the results. The verification describes the specified auditing practices to ensure compliance for the key process area.
 * 10) Do you agree that the goal of competitive industry is to provide quality products and services at the most economical costs? Discuss why you do or do not agree.
 * I agree; however, quality is a relative measure. Since globalization, the quality of the products has remained relatively the same but the cost has gone up.

=Chapter 13=
 * 1) Do you agree that the people who use a process should decide what needs improvement? Discuss why or why not.
 * I believe the people who use a process are sometimes so used to it that they cannot see the potential improvements that are needed; therefore, it is a good idea for a person from outside to evaluate the process. However, at the same time, I do believe that the person outside should be familiar with the process being used, its purpose, and the organization’s goal for using such a process. A system for managing risk requires checks and balances to sustain the practice over time. We must periodically check our risk management practice for potential improvement. To obtain feedback for improvement, you can survey people’s perception of their own practice. Collectively, the people should decide what needs improvement.
 * 2) What steps would you take to improve the risk management practice on your project?
 * I would provide an appraisal method to improve risk management practice. I would design a risk practices survey as the appraisal method to obtain a quantitative measure of risk management practices. I would distribute the risk practices survey shown in Figure 13.1 on page 203 of the text, which requires participants to identify their perceptions of the performance and importance of risk management practices. Performance is how well the practice is completed and importance is how significant the practice is.
 * 3) List three reasons for using a structured appraisal method to assess risk management practices.
 * A survey is inexpensive and does not consume a lot of time.
 * It can be automated to generate a graph of strengths, weaknesses and areas for improvement.
 * It provides a quantitative measure of people’s perceptions.
 * 1) How could a person’s job category be used to analyze risk practices survey? In what way would comparisons of results by job category serve as a check and balance on the findings?
 * The survey participants are a mix of management and technical personnel. The survey is given to all those responsible for risk management; anyone who has used a project charge number can also be considered a candidate survey participant. The survey includes categories for all possible roles, to ensure adequate project representation. Survey results are the collective knowledge and experience of the project team, organization management, and the customer. Responses should be categorized by project and organization role, so that they can be compared.
 * 1) You are a process consultant hired to assess an organization’s risk management capability. What could you do to ensure the integrity of the data from a risk practices survey?
 * There are 3 steps to assess risk management practices using the risk practices survey:
 * Administer the survey to the participants.
 * Analyze the quantitative survey results using a spreadsheet.
 * Use the subjective survey feedback for the reasons discussed in section 13.1, such as “to establish a baseline for improvement.”
 * 1) Discuss the value of normalizing risk practices survey data?
 * Normalized data provide metrics and statistical comparisons. To get normalized data, we first enter responses into a spreadsheet that can be used to graph the survey data. Survey responses provide an ordinal ranking, but this does not measure the distance between the data points. So we normalize the data: scale the data to fit a normal distribution and map the ordinal scale to fit a standard normal curve with a mean of 0 and a standard deviation of 1. Count the number of responses for each response value and divide by the total number of responses to determine the percentage for each slice. Substitute these adjusted scores for the raw scores in subsequent analysis.
 * 1) You are a process group member responsible for improving risk management. The quantitative baseline of risk management practices shows that performance lags importance by at least a point. What does this tell you about the need for improvement?
 * Plotting relative importance versus performance and the mean importance and performance provides four quadrants that categorize risk management practices. The quadrants show relative strengths and weaknesses and may be used to identify areas for improvement. Importance is the key to performance because we prioritize activity based on importance. The consequence of improperly valuing importance is that performance will likely suffer in proportion. The gap between performance and importance shows the need for risk management practices.
 * 1) You are a member of a process action team responsible for developing an improvement plan for risk management practices. Both performance and importance of risk management practices are consistently low. What is your strategy for improvement?
 * My improvement plan will define specific areas to be improved. To develop a realistic improvement plan, I must understand the difference between “as is” and “should be.” I would determine my current “as is” practice by substantiating the objective baseline using specific examples from the subjective survey response. The practice “should be” is detailed in the Risk Management Map. I would develop an improvement plan based on the difference between “as is” and “should be” and make sure to adjust the plan for the set of constraints.
 * 1) Explain how you would develop a realistic improvement plan. What constraints could cause you to adjust the plan?
 * Management should assign responsibility to implement the improvement plan. To execute the plan, involve people on projects as required to promote buy-in from the organization. Improvement plans should focus on the evolution of risk management technology that will be leveraged to satisfy the project’s risk management needs.
 * 1) How can you determine if a plan is failing? What would you do if your plan failed?
 * I would first have my steps to improve the risk management practices:
 * Develop an appraisal method
 * Assess risk practices
 * Develop an improvement plan
 * Implement the improvement plan
 * Importance is the key to performance because we prioritize activity based on importance. To improve the performance of risk management practices, we must first understand the value of the practice and find the source of failure or improvement. It is necessary to improve quantitatively, because only then can we use metrics and statistical comparisons to determine if the plan is failing. If the plan were failing, I would go back, start the improvement process, and quantify the results to characterize progress and trends in performing risk management.
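
The normalization and the importance-versus-performance quadrants described in the Chapter 13 answers can be worked through as follows. This is an added example, not code from the text or the course. It assumes each response value is scored as the mean of the standard normal curve over its slice (the answers do not give a formula), and the practice names, ratings and quadrant names are constructed for illustration.

```python
from collections import Counter
from statistics import NormalDist, mean

STD = NormalDist()  # standard normal curve: mean 0, standard deviation 1

def density_at(cum_p):
    """Normal density at the cut point for a cumulative share (0 in the tails)."""
    return 0.0 if cum_p <= 0.0 or cum_p >= 1.0 else STD.pdf(STD.inv_cdf(cum_p))

def normal_scores(ratings):
    """Map each ordinal value to the mean of the standard normal over its slice."""
    counts, total = Counter(ratings), len(ratings)
    scores, seen = {}, 0
    for value in sorted(counts):
        lower, upper = seen / total, (seen + counts[value]) / total
        share = counts[value] / total  # percentage of responses in this slice
        scores[value] = (density_at(lower) - density_at(upper)) / share
        seen += counts[value]
    return scores

def quadrants(survey):
    """Place each practice in a quadrant (quadrant names chosen for this example)."""
    pairs = [pair for rows in survey.values() for pair in rows]
    perf_map = normal_scores([p for p, _ in pairs])
    imp_map = normal_scores([i for _, i in pairs])
    # Substitute the adjusted scores for the raw ones, then average per practice.
    points = {name: (mean(perf_map[p] for p, _ in rows),
                     mean(imp_map[i] for _, i in rows))
              for name, rows in survey.items()}
    perf_mean = mean(x for x, _ in points.values())
    imp_mean = mean(y for _, y in points.values())
    labels = {}
    for name, (perf, imp) in points.items():
        high_perf, high_imp = perf >= perf_mean, imp >= imp_mean
        labels[name] = ("strength" if high_perf and high_imp else
                        "improve" if high_imp else
                        "high performance, low importance" if high_perf else
                        "low performance, low importance")
    return labels

# Constructed sample: {practice: [(performance, importance), ...]} on a 1-5 scale.
SURVEY = {
    "identify risks": [(4, 5), (3, 5), (4, 4), (5, 5)],
    "analyze risks": [(2, 5), (1, 4), (2, 5), (3, 4)],
    "plan risk actions": [(4, 2), (5, 1), (4, 2), (5, 3)],
    "track risks": [(1, 1), (2, 2), (1, 2), (2, 1)],
}
if __name__ == "__main__":
    print(quadrants(SURVEY))
```

Practices that land in "improve" are those where performance lags importance, which is the gap the quadrant plot is meant to expose.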