Ankit+Amin

=Chapter 4=
 * 1) **1** Describe the risk identification process goals. Why is each goal important? Define quantitative success criteria for each goal
 * Encourage input of perceived risk from the team. This helps in identifying risks from different phases of the project. For example, a development team might have different risks than those of maintenance and testing teams. This will help mitigate uncertain risks throughout the life-cycle of the project. I believe this goal should be 20% of the entire criteria.
 * Identify risk while there is time to take action. Identifying risk earlier in the project helps save money. It also gives us ample time to implement a solution thus by saving time and money. I believe this goal should be 15% of the entire criteria.
 * Uncover risk and sources of risk. I believe it is very important to find the source of the risk. I believe this goal should be 25% of the entire criteria.
 * Capture risk in a readable format. I believe once the risk is identified it is very very important to document the risk and have some traceability of the risk and its mitigation plan. I believe this goal should be 20% of the entire criteria. I believe this goal should be 15% of the entire criteria.
 * Communicate risk to those who can resolve it. Once the risk is identified, it is a good idea to distribute the risk and its solution to the entire team. I believe this goal should be 15% of the entire criteria.
 * Prevent project surprises. I believe by having a good risk identification process we minimize project surprises. There will always be surprises because I believe that there is no such thing as a robust code but rather only degree of robustness could be improved. I believe this goal should be 10% of the entire criteria.


 * 1) **2** In what way do project resources, project requirements, and the risk management plan regulate the risk identification process? Is there a relationship among these process controls? Discuss why there is or why there is not.
 * Project resources, project requirements, and the risk management plan are part of the process control. They determine when and how the process is executed. Project resources constrain the scope of risk identification in terms of cost, time and staff. Project requirements are influenced by contractual requirements and organizational standards. Risk management plan identifies an entity that has the responsibility and authority for risk management activities.


 * 1) **3** What is a risk assessment? Cite three reasons to perform a risk assessment early in the project. Imagine that you were brought in to replace a retiring project manager of a project in the design phase. Would you delegate the task of performing a risk assessment? Discuss the ways a baseline of assessed risks would be valuable to you.
 * Risk assessment is a thorough method for risk identification that uses risk checklist. It is used to identify the risk and evaluate risk based on probability, consequence and time frame for action. Risk assessments are usually performed to identify risk and its solution so we would have solution at hand if the event comes to past. We require assessments so we can identify and implement the solution, modify project requirements and mitigate negative effects on cost and schedule. I would never delegate the risk assessment. If I am a project manager, then I need to be aware of all the risks involved in the project. A baseline of assessed risks can help add project requirements, identify risks earlier in the project and provide some traceability of risk and solution.


 * 1) **4** List five methods to identify risk. Describe how you would perform a risk assessment using each of these methods. Compare and contrast the methods in terms of their efficiency and effectiveness. For example, if it is more effective to involve more people, then which methods enable more people to participate?
 * Checklist
 * I would use the checklist to ensure all the risks are identified based on project requirements and its life-cycle.
 * Meeting
 * I would hold regular meetings to help determine course of action for risk mitigation, create a traceability and at the same time get inputs from different team(development, testing, maintenance) members
 * Review
 * More eyes can help spot problems. They can also help improve the risk identification processes.
 * Routine input
 * Routine input from teams can helps in managing risk and its solutions.
 * Working group
 * Getting all the teams (development, testing and maintenance) involved in risk identification can help identify risk early and thus save time and money.
 * I would create a checklist based on the requirements and life-cycle of the project. I would get everyone involved in the project from development, testing and maintenance teams to help verify and augment the checklist. Meetings will help come up with risk management plan and reviews will be help to validate the risk management plan or improve the process. Routine input from teams will help create traceability and progress. I believe building a working group consisting of team leads from each teams would be more effective than having all the team members getting involved.


 * 1) **5** List three reasons to categorize risk. Do you think the number of risks identified in a particular category is a significant measure? Discuss why you do or do not think so.
 * We categorize the risk because we would like:
 * To find out the source of the risk and the phase of the project (development, testing or maintenance) it will affect.
 * Assign it to the proper team and have entire team evaluate the solution.
 * Define process for risk management
 * Depending on the project life cycle, I would not recommend placing all the risk in particular category. For example, if the risk is due to particular testing equipment which is rarely used then I would not place a software requirement on that particular failure.


 * 1) **6** Write a risk statement. What are five benefits of using a structured format for documenting risk? How do you think communication of identified risk changes with the use of risk statement? Explain your answer.
 * Software shall process a CW waveform from particular emitter with highest priority. This will help ensure our safety and increase our mission success rate. This requirement shall be implemented in XX subsystem. Structured format allows us to know what we are tracking, who is responsible, its progress, its category, and its solution. The statement above contains events, conditions and constraints.


 * 1) **7** You just found out that your software subcontractor has filed for bankruptcy protection. How will you communicate significant risk to your management? Do you plan to communicate the risk as soon as possible, or take the time to assess it? What information will you communicate to your management?
 * Notify the management of the bankruptcy regardless of the severity of the event. Determine the project contribution of subcontractor. Assess if their portion can be done in-house. Create an impact plan with working group and execute the plan as soon as possible. The impact plan will contain cost, schedule and staffing factors. I would give management the impact plan generated with inputs from the working group.


 * 1) **8** Develop a risk checklist for the requirements, design, code, or test phase of software development. Which phase do you think has the greatest risk? Explain your answer.
 * Requirements
 * Operations: Windows and Linux
 * Detect any and all virus and malware signatures and store the signatures
 * High degree of robustness
 * Design: I believe the design phase will have biggest risk because one system can be heavily modified while other is limited therefore it will impact on speed and performance of the application.
 * Java, GUI, Performance and degree of robustness
 * Testability
 * Interoperability
 * Code
 * OO Coding with any design pattern
 * Test
 * Create test suite from Snort and generate bad signatures in Windows and Linux environment. Test using with and without Anti-virus software.


 * 1) **9** Discuss the concept of confidentiality in risk assessment. When is confidentiality necessary? In your opinion, what are the advantages and disadvantages of identifying risks in peer groups?
 * I work with highly confidential software. The software is development with many subcontractors each one with their set of requirements. It is not always a good idea to create a confidential assessment when that particular change could influence the outcome of different contractor’s program. So to mitigate such scenarios it is usually a good idea to generate generic risk statement and requirements such that both the parties can sign off.
 * Peer groups help in identifying risk. More brains the better. However, members will have their own views on the program. Some lose the big picture and focus on a program that only runs for 10% of the time. If you have 10 people with 10 different views, it can be manageable but if you have 30 people then it becomes unmanageable to please everyone.


 * 1) **10** How does knowing your risks provide opportunities to manage and improve your chances of success? Explain your answer.
 * Knowing the risk can help create a solution far in advance. Therefore, if such event occurs you will have the solution right there. This will help cost, schedule and staffing hours greatly.

=Chapter 5=
 * 1) **1**. Describe the risk analysis process goals. Why is each goal important? Define quantitative success criteria for each goal.
 * · Analyze risk in a cost-efficient manner.
 * Software quality is always driven by cost. So more money you put in better the software quality. That being said, 95% quality is not much different from 85%. I believe this goal should be 20% of the entire criteria.
 * · Refine the risk context.
 * Risk maybe associated with a part of a program that only runs for 10% of the time. We need to focus on risks which are associated with 90% of the program. I believe this goal should be 20% of the entire criteria.
 * · Determine the source of risk.
 * Find the source of the problem. I believe this goal should be 10% of the entire criteria.
 * · Determine the risk exposure.
 * Determine whether the risk is internal or external. Can the event be caused by external factor or internal factors? I believe this goal should be 10% of the entire criteria.
 * · Determine the time frame for action.
 * Prioritize the risks and their actions. Risk that is associated with 90% of the program has to be placed higher than the risk associated with 10% of the program. I believe this goal should be 20% of the entire criteria.
 * · Determine the highest-severity risks.
 * Identify the consequences of the risks. I believe this goal should be 20% of the entire criteria.

I would assign a secretary to collect, enter, and manage risk database.
 * 1) **2** List five ways that a risk database can assist the risk analysis process. How would you ensure that the risk database is maintained?
 * Group similar and related risks
 * Determine risk drivers
 * Determine source of risk
 * Use risk analysis techniques and tools
 * Estimate the risk exposure


 * 1) **3**. What are risk drivers? Describe the known software project risk drivers for both cost and schedule. Develop a matrix to show how these risk drivers relate to each other.
 * Risk drivers are the variables that cause the probability and consequence of software risk to vary significantly. Risk drivers for cost are located in cost-estimation models and schedule drivers include the items on critical path. Schedule and cost drivers can have linear relationship.


 * 1) **4**. Why is it important to determine the source of risk? Describe the techniques that are available to understand the root cause of risk.
 * If we know the source then we can create a complete solution instead of applying patch after patch after patch. However, it is hard to find a source of a risk if the system is highly integrated and in used for several decades. Determining source of risk is to ask the question Why? five times for each risk.


 * 1) **5**. Unrealistic schedule and budget has been identified as a risk. Perform a causal analysis to prevent this problem on your next assignment. What are the chances that your corrective actions will be implemented successfully? Why do you think so?
 * Causal analysis is a 3 step process:
 * Determine the cause of the error
 * Determine the actions that will prevent the error in the future
 * Implement these corrective actions
 * Using risk analysis techniques to structure, analyze, evaluate and communication can help in preventing unrealistic schedule and budget. Structure determines the decision, alternatives, uncertainties and value of outcomes. Analyze decision model help determine important variables and define their probabilistic relationship. Evaluation model helps calculate possible outcomes and communication helps make decision as a team. There have also been some automated risk analysis tools like multiattribute utility can be used to prevent such risks.


 * 1) **6**. You are the technical leader of a project that is on the cutting edge of wireless communication technology. Time to market is critical to your project’s success, but there is a shortage of people with domain experience. Use the risk analysis technique of your choice to structure, analyze, evaluate, and communicate this risk.
 * Identify the risk and come up with solution options. Get someone to train the staff if schedule permitting if not hire a marketing firm. If I get some to train us then we will retain the marketing expertise for other projects as well. It will also be cost-effective but schedule might be at risk. Now if we hire a marketing firm then we will never get marketing expertise for future products. Might be expensive but it will allow me to focus more on completing the project for marketing.


 * 1) **7**. How can you define time frame for action to help prioritize risks? What is the value of using time to evaluate risk? Give an example that uses time to evaluate risk.
 * A risk exposure and the time frame for action determine the relative risk severity. Risk severity helps to distinguish the current risk priority. Higher risk severity, higher risk priority. Time value helps with management and progress traceability. It also helps development team which subsystem to focus on.


 * 1) **8**. When should risk analysis be qualitative? When should risk analysis be quantitative? Explain your answer.
 * It should be qualitative for testing and maintenance teams. It should be qualitative to everyone except the coders that includes management, customers, users and anyone who is non-technical. Using you don’t want to go into details about the risk analysis with higher ups and customers unless they ask us to do so.


 * 1) **9**. Many risks are interrelated. Analyze the following compound risk: Unstable requirements with a tight budget will likely cancel the project. Discuss the dependencies that exist between the two risks.
 * Well as I said before, cost drives the software quality. Improper set of requirements generally means lot of patches later during the life-cycle of the project. That means more cost and more work. We need to balance the requirements and budget. For example, high priority functionality should be defined first following by lower priority ones as optional or rather incentive based. Budgeting should be done based on high priority tasks and put budget as risk for incentive based tasks.


 * 1) **10**. Why are consensus-based prioritization schemes useful on software projects? In general, would you expect individuals to agree on risk priorities? Discuss why you would or would not expect agreement.
 * It is used to rate the risk rather than to rank it. Rating the risk allows team members to get relative importance of the risk. I would not expect individuals to agree on risk priorities because no two people will rate the task at the same level. However, general team consensus will rate it relative to the majority rating.

=Chapter 6=
 * 1) 1. Describe the risk planning processes goals. Why is each goal important? Define quantitative success criteria for each goal.
 * Provide visibility for key events and conditions
 * Key events and condition are used to monitor the risk. I believe this goal should be 20% of the entire criteria.
 * Reuse successful risk resolution strategies
 * Documentation allows us to reuse the risk resolution used in previous project. I believe this goal should be 20% of the entire criteria.
 * Optimize selection criteria
 * i. Criteria designed to reduce exposure to risk. This helps determine the best alternative to resolve a risk. I believe this goal should be 20% of the entire criteria.
 * Understand the next action for each high-severity risk
 * Knowing what and how to implement an action for high-severity risk helps mitigate risk. I believe this goal should be 20% of the entire criteria.
 * Establish automatic triggering mechanisms
 * Automatic triggering mechanism can be used to group similar risks and also potentially provide solution. I believe this goal should be 20% of the entire criteria.


 * 1) **2**. Do you agree that risk scenarios should be developed for significant risks only? Justify your answer.
 * No I believe the risk scenarios should be developed for all the risks. However, more focus should be given to significant risks. Avoiding smaller risk may prove to be an expensive fix later during the life-cycle of the project.


 * 1) **3**. Describe the events and conditions in the following risk scenario: The development process has been ignored, and product defects are increasing.
 * No development process means it may not have requirement traceability process thus the program may or may not have requirement trace.
 * Development process is ignored then code may not be unit tested properly. Therefore code is not verifying and validating requirements.
 * Customers not satisfied with product and eventually lose current and future business.


 * 1) **4**. Discuss how you might use risk protection and risk transfer to combat a system reliability risk. Discuss the similarities and differences between these risk resolution strategies.
 * Risk protection and risk transfer allows me to transfer risk to the entity that has full or more control over the risk in question. I will follow the documentation to check its track progress.


 * 1) **5**. Many individuals within your organization have trouble keeping up with new technology. The learning curve for integrating new technology into your organization has been identified as a risk. Develop a risk resolution strategy to address this risk. Include your organization’s objectives, constraints, and alternatives.
 * Organization objective is to minimize the learning curve. Find out how they would like to be trained: formal classroom settings or on-line self-paced training. Get trained based on majority vote on type of training.


 * 1) **6**. A significant integration risk has been identified. The cause is determined to be a lack of through software testing due to insufficient time allocated to the integration and test phase. You have been assigned to investigate this risk and make recommendations to reduce the risk. Project management wants to maximize software quality and minimize total cost. How would you trade off these confliction objectives? What are your recommendations to project management regarding this risk?
 * Knowing the severity of the problem and management’s goals of quality and cost, I would recommend that the schedule to be shifted to right to get better quality of the product now with relatively low cost overhead then bad quality of product with more cost later during time. We could have better product with X+Y amount and have bad product at X amount with future updates with new cost-estimates.


 * 1) **7**. Discuss the risk leverage that exists in the operations and maintenance phase of the life cycle.
 * If an event were identified in operations and maintenance phase then it would cost more to fix during that phase. Like previously stated, it is cheaper to fix the error during project development phase then it is to fix in the later phase of the life cycle.


 * 1) **8**. How can a threshold be used as part of an early warning system?
 * Threshold can be used to indicate the need to execute the risk action plan. The risk action plan is a documentation of selected approach, resources requirement, and approval authority for risk resolution. A threshold is a warning level associated with a quantitative target. Thresholds establish the minimum acceptable value with respect to the quantitative target. Values over threshold define the inception of risk occurrence. Predefined thresholds act as an early warning system to indicate the need for action.


 * 1) **9**. As a system engineer, you are responsible for requirements management. Develop a graph of expected software requirements volatility over the project life cycle. Define the quantitative target and associated warning level for software requirements volatility at each stage of development.
 * My graph would be like Figure 6.1 described on page 112.


 * 1) **10**. Discuss the following human traits that are useful in coping with uncertainty: attitude, belief, confidence, courage, faith, and imagination. Which trait do you think is the most important? Explain your answer.
 * Attitude is important. It should be positive and always remain calm and collected to deal with any uncertainty. Follow the process used to deal with uncertainty. Belief is having faith in your product. Confidence is an important in selling your product. Courage shows that you are not afraid to tackle problems that are more complex. In addition, imagination is essential in coming up with creative solution to unique problem. I believe the most important is confidence and imagination is the most important traits to have when dealing with customers and managements and other team members.

=Chapter 7=
 * 1) 1. Describe the risk tracking process goals. Why is each goal important? Define quantitative success criteria for each goal.
 * Monitor the events and conditions of risk scenarios
 * Monitoring the events and conditions of the risk helps in determining if we are heading to solution. I believe this goal should be 20% of the entire criteria.
 * Track risk indicators for early warning.
 * Tracking risk indicators will help mitigate risk. It also helps in finding any dynamic risks. I believe this goal should be 20% of the entire criteria.
 * Provide notification for triggering mechanism.
 * Triggering mechanism helps to activate, deactivate or suspend activity such as activating risk action plan. I believe this goal should be 20% of the entire criteria.
 * Capture results of risk resolution efforts.
 * This goal helps in keeping resolution documentation up-to-date. I believe this goal should be 20% of the entire criteria.
 * Report risk measures and metrics regularly.
 * Reports helps in keeping the project community well informed about risk measures and metrics regularly. I believe this goal should be 10% of the entire criteria.
 * Provide visibility into risk status.
 * Project community needs to know the risk status. I believe this goal should be 10% of the entire criteria.


 * 1) **2**. Do you think tracking risk scenarios can indicate success or failure of the risk resolution activity? Explain how monitoring risk scenarios increase your certainty over time.
 * I do believe that tracking risk scenarios can indicate success or failure of the risk resolution activity. Tracking risk scenarios helps in determining if the probability of risk occurrence is increasing. If it is increasing then alternative solution must be sought or more work needs to be done to bring the probability within the acceptable range.


 * 1) **3**. Your project tracking tool has been updated to include the latest software modules completed through unit test. The cumulative earned value indicator fell below the planned threshold. Explain how your tracking progress will react to this event.
 * Software measures such as earned value are leading risk indicators. By setting thresholds for each indicator, we ensure that we will be alerted to any danger. These indicators will be included in project cost model throughout the life cycle of the project. Earned value measures the amount of work remaining by comparing planned and actual milestone completion. In this scenario, actual is less than planned and tracking tool will indicate that the some attention is required to mitigate this risk.


 * 1) **4**. Explain how triggers can be used to regulate risk action plan execution.
 * Triggers provide 3 basic control functions: activate, deactivate, and suspend. To activate, triggers provide wake-up call for revisiting a risk action plan. To deactivate, triggers can be used to signal the closure of the risk resolution activity. To suspend, triggers can be used to put the execution of risk action plans on hold.


 * 1) **5**. List two types of triggers that can be used to provide notification of unacceptable risk. Give an example of how each trigger can activate a risk action plan. Describe who will be notified, and how they will be notified.
 * Periodic Event is a notification for activities. Project-scheduled events like monthly status report, project action and risk items review, technical design reviews are the basis for periodic event triggers. Management and project leads will be notified using this type of trigger.
 * Elapsed Time is a notification of dates. Project schedule milestone dates is the basis for elapsed-time triggers. Management, project leads and other teams like testing team will be notified.


 * 1) **6**. Discuss the relationship among the key indicators of a software project: progress, size, change, quality, risk, and staff.
 * Progress: Earned value measures the amount of work remaining by comparing planned and actual milestone completion.
 * Size: Lines of code measure the software size by counting physical or logical sources statements.
 * Change: Usually during the life cycle of the program requirements are added, deleted, or modified.
 * Quality: The number of defects closed and open measure the errors found and fixed with the number of errors remaining.
 * Risk: Risk exposure measures the level of unresolved risk.
 * Staff: Staffing always varies during the life cycle of the project. That causes a productivity drop and schedule disruption.


 * 1) **7**. No single metric can provide wisdom. Describe the minimum set of metrics that you would recommend to ensure project success.
 * Number of risks
 * Risk exposure
 * Risk severity
 * Risk threshold
 * Risk management index- allows me the overall risk exposure.
 * Return on investment- allows me to make proper budget for the software


 * 1) **8**. Discuss the consequences of reporting risk metrics that are not timely, validates, economical, or understandable.
 * Chaos! Some heads are going to roll. Program will be cancelled due to enormous cost overhead to put the project back on track. Program will go through lot of patches and testing over and over.


 * 1) **9**. What measures and metrics should be tracked to ensure a cost-effective risk management process?
 * Any measure that is function of a cost. For example, risk leverage, risk indicator, return on investment and risk management index.


 * 1) **10**. How do you think risk management reserve should be monitored? Explain your answer.
 * As previously stated, higher priority requirements should be budgeted first from the actual project $$ pool and lower priority requirements should be budgeted from reserve if we run out of project $$. We have to monitor these reserve pool of $$ so if a contractor does finish low level requirements then payout should be immediate. If you do not pay then the low priority requirements will need new contract with higher cost estimates.


 * 1) **11**. Do you agree that the greatest potential for control tends to exist at the point where action takes place? Discuss why you do or do not agree.
 * I agree. I believe if the solution is quick then it should be implemented right there with low cost because if we leave if for later then it would cost more to fix it later in time.

=Chapter 8=
 * 1) **1**. Describe the risk resolution process goal. Why is each goal important? Define quantitative success criteria for each goal.
 * Assign responsibility and authority to the lowest possible level.
 * Allows the person in charge of mitigating the risk to be the authority to decide if the risk has been mitigated or not. I believe this goal should be 10% of the entire criteria.
 * Follow a documented risk action plan.
 * Straying from risk action plan causes the probability of risk to increase. Risk action plan allows us to stay on path and also help verify and validate the action plan. I believe this goal should be 20% of the entire criteria.
 * Report results of risk resolution efforts.
 * This will help in deciding if the risk action plan is making a progress. I believe this goal should be 10% of the entire criteria.
 * Provide for risk aware decision making.
 * Helps team to be aware of the decision taken for the risk and also will help give alternates if the decision fails. I believe this goal should be 10% of the entire criteria.
 * Determine the cost-effectiveness of risk management.
 * Goal of any project is better quality of program with low cost. Risk resolution with high cost does not mean much if the risk is only to the 10% of the rarely used code. I believe this goal should be 10% of the entire criteria.
 * Is prepared to adapt to changing circumstances.
 * Technologies change dramatically so have to keep up with the changing requirements. I believe this goal should be 10% of the entire criteria.
 * Take corrective actions when necessary.
 * Have to make correct decision. I believe this goal should be 10% of the entire criteria.
 * Improve communication within the team.
 * Communication with team is the important in making risk identification, analysis, tracking and resolution. I believe this goal should be 10% of the entire criteria.
 * Systematically control software risk.
 * Implement risk action plan for each risk to verify when, how and where to solve the risk and document it. I believe this goal should be 10% of the entire criteria.


 * 1) **2**. Your requirements specification contains 100 requirements. The design phase began even though 20 percent of the requirements had TBDs (to be determined shall statements). The best-case outcome is that all your assumptions will be correct. Your training in risk management leads you to believe that about half of the TBDs are at risk. Calculate the cost of rework based on the assumption that half of the TBDs are at risk. What is the most likely outcome?
 * As we know that rework usually cost more than original. Let us say it costs 30% more for rework. Then from the scenario, we know that we are going to do rework on 10 requirements. Now let us say if the cost of original is $50 per requirement then it would cost $65 per rework requirements. That mean the total cost for original (100 requirements) would be $5000 vs. $5650 for rework. The rework would cost 12% more than original work. This is a good faith estimates but in real world the rework would cost in orders of few hundred thousands if not millions.


 * 1) **3**. You identified an external system interface risk at a design review, and a technical interchange meeting was scheduled to resolve it. Ten people met for two hours before deciding on an agreeable resolution. Calculate the cost savings for preventing this problem, assuming that it would have been detected during system integration.
 * Well since we found it in design phase the cost would be negligible if not any compare to if the project has gone through design phase. Finding the problem later would involve going through the entire software development cycle and also detecting the source of the problem, rework, and unit testing.


 * 1) **4**. What is the rational for assigning a risk action plan to the lowest possible level? What do you think would happen if the project manager was personally responsible for all the risks and their resolutions?
 * Assigning the person in charge would be the subject matter expert and they would be the one know how to mitigate the risk the best. Program manager would not know the lower level details like those low level designers. Program managers would just know the problem and would be able to offer any solution. However, program manager should keep tracking the progress of the risk resolution plan.


 * 1) 5. What are the two fundamental components of risk resolution? Why are they fundamental?
 * Creativity and collaboration. Creativity is inventiveness in originating ideas. Implementing risk action plan may require generating new and innovative ideas. Collaboration helps bring more individuals’ ideas to form a solution and alternatives. Many times a programmer would not be able to see a risk in its own program therefore it is better to have it peer reviewed to identify risk and come up with solution.


 * 1) 6. List five difficulties and five uncertainties that you have in your current assignment. Describe an opportunity that exists in each difficulty and uncertainty that you face. How could you exploit these opportunities?
 * Difficulties
 * General direction for project
 * No template for report
 * Materials not expressed with real world scenarios
 * Cannot access their sources
 * Time line to complete the project
 * Uncertainties
 * Are my answers correct?
 * Am I using a proper format?
 * Verify my risk management knowledge from practice to application
 * Am I getting the point that the author is trying to make? Do I have a misunderstanding? Where?


 * 1) **7**. Reporting risk status on a regular basis improves communication within the team. What are the problems that are possible in communication among team members?
 * No all the team members are available all the time. We are taking them away from the production time of the software. Sending the wrong message, receiving the wrong message, a break in communication link.


 * 1) **8**. What is your plan to sustain the risk management process once it is in place? Quantify the resources your plan will require. What mechanisms will provide a check and balance to perpetuate an effective process?
 * Once the process is in place we have to use a corrective action procedure to help stay on process or have a way to correct any variations in the process or the product by following 4 steps.
 * Identify the problem
 * Assess the problem
 * Plan action
 * Monitor progress


 * 1) 9. How do you generate new ideas? What are the advantages of using the creative process to generate new ideas?
 * There are 4 innovation styles that help us to use the creative process methodically:
 * Envisioning
 * Experimenting
 * Exploring
 * Modifying
 * Using the creative process we can identify a complete set of options.


 * 1) 10. Do you agree that the mastery of risk is the foundation of modern life? Discuss why you do or do not agree.
 * I agree that if you master the risk you can gain lot from avoiding bad consequences but you can also gain something more valuable. Like higher the risk higher the gain in stock market but you have to be extremely good at identifying, assessing and monitoring the risks.