Toronto CSC 302 - Lecture 10 - Managing Risk


University of Toronto, Department of Computer Science
© 2004-5 Steve Easterbrook. This presentation is available free for non-commercial use with attribution under a creative commons license.

Lecture 10: Managing Risk

- General ideas about Risk
- Risk Management
- Identifying Risks
- Assessing Risks
- Case Study: Mars Polar Lander

Risk Management

About Risk
- Risk is "the possibility of suffering loss"
- Risk itself is not bad, it is essential to progress
- The challenge is to manage the amount of risk

Two Parts:
- Risk Assessment
- Risk Control

Useful concepts:
- For each risk: Risk Exposure
    RE = p(unsat. outcome) × loss(unsat. outcome)
- For each mitigation action: Risk Reduction Leverage
    RRL = (RE_before - RE_after) / cost of intervention

Risk Assessment

Quantitative:
- Measure risk exposure using standard cost & probability measures
- Note: probabilities are rarely independent

Qualitative:
- Develop a risk exposure matrix
- E.g. for NASA:

                              Likelihood of Occurrence
Undesirable outcome           Very likely     Possible        Unlikely
(5) Loss of Life              Catastrophic    Catastrophic    Severe
(4) Loss of Spacecraft        Catastrophic    Severe          Severe
(3) Loss of Mission           Severe          Severe          High
(2) Degraded Mission          High            Moderate        Low
(1) Inconvenience             Moderate        Low             Low

Identifying Risk: Checklists

Source: Adapted from Boehm, 1989

- Personnel Shortfalls
    - use top talent
    - team building
    - training
- Unrealistic schedules/budgets
    - multisource estimation
    - designing to cost
    - requirements scrubbing
- Developing the wrong Software functions
    - better requirements analysis
    - organizational/operational analysis
- Developing the wrong User Interface
    - prototypes, scenarios, task analysis
- Gold Plating
    - requirements scrubbing
    - cost benefit analysis
    - designing to cost
- Continuing stream of requirements changes
    - high change threshold
    - information hiding
    - incremental development
- Shortfalls in externally furnished components
    - early benchmarking
    - inspections, compatibility analysis
- Shortfalls in externally performed tasks
    - pre-award audits
    - competitive designs
- Real-time performance shortfalls
    - targeted analysis
    - simulations, benchmarks, models
- Straining computer science capabilities
    - technical analysis
    - checking scientific literature

Identifying Risks: Fault Tree Analysis

Source: Adapted from Leveson, "Safeware", p321

[Figure: fault tree. Events shown, in the order extracted:]
- Wrong or inadequate treatment administered
- Vital signs erroneously reported as exceeding limits
- Vital signs exceed critical limits but not corrected in time
- Frequency of measurement too low
- Vital signs not reported
- Computer fails to raise alarm
- Nurse does not respond to alarm
- Computer does not read within required time limits
- Human sets frequency too low
- Sensor failure
- Nurse fails to input them or does so incorrectly
- etc

[Figure legend:]
- Event that results from a combination of causes
- Basic fault event requiring no further elaboration
- Or-gate
- And-gate

Continuous Risk Management

Source: Adapted from SEI Continuous Risk Management Guidebook

- Identify:
    - Search for and locate risks before they become problems
    - Systematic techniques to discover risks
- Analyse:
    - Transform risk data into decision-making information
    - For each risk, evaluate:
        - Impact
        - Probability
        - Timeframe
    - Classify and Prioritise Risks
- Plan
    - Choose risk mitigation actions
- Track
    - Monitor risk indicators
    - Reassess risks
- Control
    - Correct for deviations from the risk mitigation plans
- Communicate
    - Share information on current and emerging risks

Principles of Risk Management

Source: Adapted from SEI Continuous Risk Management Guidebook

- Global Perspective
    - View software in context of a larger system
    - For any opportunity, identify both:
        - Potential value
        - Potential impact of adverse results
- Forward Looking View
    - Anticipate possible outcomes
    - Identify uncertainty
    - Manage resources accordingly
- Open Communications
    - Free-flowing information at all project levels
    - Value the individual voice
    - Unique knowledge and insights
- Integrated Management
    - Project management is risk management!
- Continuous Process
    - Continually identify and manage risks
    - Maintain constant vigilance
- Shared Product Vision
    - Everybody understands the mission
    - Common purpose
    - Collective responsibility
    - Shared ownership
    - Focus on results
- Teamwork
    - Work cooperatively to achieve the common goal
    - Pool talent, skills and knowledge

Case Study: Mars Climate Orbiter

- Launched
    - 11 Dec 1998
- Mission
    - interplanetary weather satellite
    - communications relay for Mars Polar Lander
- Fate:
    - Arrived 23 Sept 1999
    - No signal received after initial orbit insertion
- Cause:
    - Faulty navigation data caused by failure to convert imperial to metric units

MCO Events

- Locus of error
    - Ground software file called "Small Forces" gives thruster performance data
    - data used to process telemetry from the spacecraft
    - Angular Momentum Desaturation (AMD) maneuver effects underestimated (by factor of 4.45)
- Cause of error
    - Small Forces Data given in Pounds-seconds (lbf-s)
    - The specification called for Newton-seconds (N-s)
- Result of error
    - As spacecraft approaches orbit insertion, trajectory is corrected
    - Aimed for periapse of 226km on first orbit
    - Estimates were adjusted as the spacecraft approached orbit insertion:
        - 1 week prior: first periapse estimated at 150-170km
        - 1 hour prior: this was down to 110km
    - Minimum periapse considered survivable is 85km
    - MCO entered Mars
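
Added example (not part of the original slides, and not the mission's software): the lbf-s versus N-s mismatch described under "MCO Events", shown as an interface that accepts a bare number beside one that requires and validates the unit. The field format, function names and the sample value are assumptions made for illustration.

```python
from dataclasses import dataclass

LBF_TO_N = 4.4482216152605  # one pound-force in newtons (exact by definition)

# Conversion factors into the unit the specification called for (N-s).
TO_NEWTON_SECONDS = {"N-s": 1.0, "lbf-s": LBF_TO_N}


@dataclass(frozen=True)
class Impulse:
    """Thruster impulse, always stored in newton-seconds."""
    newton_seconds: float


def parse_untagged(field: str) -> Impulse:
    """'Before' form: a bare number whose unit is assumed, never checked."""
    return Impulse(float(field))


def parse_tagged(field: str) -> Impulse:
    """Hardened form: the unit travels with the value and is validated."""
    parts = field.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<value> <unit>', got {field!r}")
    value, unit = parts
    if unit not in TO_NEWTON_SECONDS:
        raise ValueError(f"unsupported impulse unit {unit!r}")
    return Impulse(float(value) * TO_NEWTON_SECONDS[unit])


def underestimate_factor(true_value: Impulse, consumed: Impulse) -> float:
    """How many times smaller the consumed impulse is than the real one."""
    return true_value.newton_seconds / consumed.newton_seconds


# Constructed sample: a producer working in lbf-s emits 2.0 for one AMD event.
PRODUCER_VALUE = "2.0"
wrong = parse_untagged(PRODUCER_VALUE)           # silently read as 2.0 N-s
right = parse_tagged(PRODUCER_VALUE + " lbf-s")  # converted to N-s

if __name__ == "__main__":
    print(f"untagged: {wrong.newton_seconds:.3f} N-s")
    print(f"tagged:   {right.newton_seconds:.3f} N-s")
    print(f"underestimate factor: {underestimate_factor(right, wrong):.2f}")
    try:
        parse_tagged(PRODUCER_VALUE)  # unit missing: rejected at the interface
    except ValueError as exc:
        print("rejected:", exc)
```

The ratio between the two readings is the factor of 4.45 quoted on the slide; the tagged parser turns a silent numeric error into a rejected record.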

