Do you use risk analyse methods when starting new projects?
在开始新项目时是否使用风险分析方法?
I love when fresh ppl start working at the company, they have so much theory they learn and want to implement when they start to work. Risk analysing, project management, coding standards, documentation standards and so on. (Then the reality hits them, most customers will not pay for all this) ;) But still, i really love the fresh winds and new knowledge they carry with them!
我喜欢当新鲜的人们开始在公司工作时,他们有很多理论,他们学习并希望在他们开始工作时实施。风险分析,项目管理,编码标准,文档标准等。 (然后现实打击了他们,大多数顾客都不会为此付出代价);)但是,我仍然非常喜欢他们携带的新风和新知识!
The car industry and i assume a LOT of other industys use risk analysis on daily basis when implementing a new feature or whatever they do.
汽车行业和我假设很多其他工业在实施新功能或其他任何工作时每天都会使用风险分析。
My experience is that the "risk analysing" I have done in the past was to say "this part is a tricky one, I dont know if it gonna work or not" and "If it does not work this way, we can try that way".
我的经验是,我过去所做的“风险分析”是说“这部分是一个棘手的问题,我不知道它是否会起作用”和“如果它不起作用,我们可以尝试办法”。
Today I used a risk analyse protocol belonging to the car industry, and I was impressed that it after the meeting singled out the one thing in the project that was most vulnerable. And gave a number of how much attention we should give that feature in the program against all other.
今天我使用了属于汽车行业的风险分析协议,在会议中挑选出最易受攻击的项目之后,我印象深刻。并且给出了一些我们应该在程序中对所有其他功能给予多少关注的注意事项。
Of course we have done this earlier in projects but then its just called, "What can go wrong in this project" or "What is the obstacles in the project?" not a part of a protocoll that can be meassured between projects and analysed with nubers.
当然,我们之前已经在项目中做过这样的事情,但之后又称之为“这个项目可能出现什么问题”或“项目中的障碍是什么?”不是协议1的一部分,可以在项目之间进行测量并使用nubers进行分析。
So.. I want to know everything you know about risk analysing. Enlight me!
那么......我想知道你对风险分析的所有了解。给我看!
4 个解决方案
#1
I do risk analysis all the time - both formally and informally (when assessing, for instance, if a bug needs to be fixed).
我一直在做风险分析 - 正式和非正式(例如,在评估时,是否需要修复错误)。
It's an excellent tool to give appropriate attention to the appropriate issues, avoid paranoia about some aspects of the project (sometimes, we lose perspective and worry about the wrong things), and make difficult decisions when you have limited resources.
这是一个很好的工具,可以适当地关注适当的问题,避免对项目某些方面的偏执(有时,我们会失去视角,担心错误的事情),并在资源有限时做出困难的决定。
It doesn't have to be extremely formal or time-consuming. When you get down to it, our method is simply to ask:
它不必非常正式或耗时。当你谈到它时,我们的方法只是问:
- "what's the probability of this occurring?"
- "what's the impact if this occurs?"
- "how well will we be able to handle the problem?"
“发生这种情况的概率是多少?”
“如果发生这种情况会有什么影响?”
“我们能够多好地处理这个问题?”
You give a score from 1 to 10 to all criteria, multiply them, and take preventive care of risks in decreasing order (we also have a threshold above which a risk is considered unacceptable and must be mitigated).
您给出所有标准的1到10分,乘以它们,并按降序对风险进行预防性处理(我们还有一个阈值,高于该阈值时,风险被认为是不可接受的,必须予以减轻)。
You might also add a fourth question on how much it costs to reduce the risk at the source (being in the medical industry, we don't: a risk that's considered unacceptable for the patient's health must be lowered, regardless of the cost, or that feature must be dropped)
您可能还会增加第四个问题,即降低源头风险的成本(在医疗行业,我们不会:无论成本如何,都必须降低被认为对患者健康无法接受的风险,或者必须删除该功能)
#2
I've never been involved in a project that did much formal risk analysis. However; we do slightly less formal risk analysis all the time - we're constantly making lists of things that could blow up in our faces, what we're planning to do to prevent the explosion, and what we will do if we're unsuccessful in preventing it, and it happens.
我从未参与过进行过多正式风险分析的项目。然而;我们总是做一些不那么正式的风险分析 - 我们不断列出可能在我们面前爆炸的事情,我们计划采取哪些措施来防止爆炸,以及如果我们不成功,我们将采取的措施防止它,它发生了。
I've been very impressed with the material in Waltzing With Bears: Managing Risk with Software Projects. They offer a very formal risk analysis process, but their analysis and insights are valuable on much less formal risk analysis, as well.
我对Waltzing With Bears:使用软件项目管理风险的材料印象深刻。它们提供了非常正式的风险分析过程,但是他们的分析和见解对于更不正式的风险分析也是有价值的。
#3
There are several types of risk that should be taken into account when approaching a project:
在接近项目时应考虑几种类型的风险:
- Risk of not implementing - The risk posed if the project fails, or if the project is terminated
- Risk of missed requirements - The risk that requirements will be missed
- Organizational risk - The risk created by any organizational changes caused by the change
未实施的风险 - 项目失败或项目终止时产生的风险
错过要求的风险 - 错过要求的风险
组织风险 - 由变更引起的任何组织变更所产生的风险
Additionally, there are feature specific risks:
此外,还存在特定于功能的风险:
- Integration risk - The risk that integrating a feature will cause the system to stop functioning properly
- Regression risk - The risk that the feature will cause other features to not work
- Security risk - The risk that a feature will not provide adequate protection to the system (introduce an exploit)
集成风险 - 集成功能的风险将导致系统停止正常运行
回归风险 - 该功能将导致其他功能无法工作的风险
安全风险 - 功能无法为系统提供足够保护的风险(引入漏洞)
In terms of analysis, it is important to identify the project risks qualitatively so that the team is aware of these. They are primarily mitigated by communication plans. For the feature specific risks, it is important to identify the specific risks quantitatively. Typically, the architect should document integration and security risks, and the QA team should be responsible for regression risk. I have found that there really are no tools that can do this as well as a good team that communicates well.
在分析方面,重要的是要定性地识别项目风险,以便团队了解这些风险。它们主要通过沟通计划来缓解。对于特定功能的风险,定量识别特定风险非常重要。通常,架构师应记录集成和安全风险,QA团队应负责回归风险。我发现确实没有可以做到这一点的工具以及一个沟通良好的优秀团队。
#4
Risk analysis is a fancy way of saying "covering my arse when things go tits up", and as such is an excellent way of dodging blame when things don't work out as planned (which, in software engineering, is pretty much always).
风险分析是一种说“在事情顺利进行时掩盖我的屁股”的一种奇特的方式,因此当事情没有按计划进行时(这在软件工程中,几乎总是如此)是一种避免责备的极好方法。
Risk Analysis: Point out all the things that can go wrong, write them up in a pretty .pdf, and send them to your pointy haired bosses.
风险分析:指出所有可能出错的事情,用漂亮的.pdf写出来,然后把它们发给你尖头发的老板。
#1
I do risk analysis all the time - both formally and informally (when assessing, for instance, if a bug needs to be fixed).
我一直在做风险分析 - 正式和非正式(例如,在评估时,是否需要修复错误)。
It's an excellent tool to give appropriate attention to the appropriate issues, avoid paranoia about some aspects of the project (sometimes, we lose perspective and worry about the wrong things), and make difficult decisions when you have limited resources.
这是一个很好的工具,可以适当地关注适当的问题,避免对项目某些方面的偏执(有时,我们会失去视角,担心错误的事情),并在资源有限时做出困难的决定。
It doesn't have to be extremely formal or time-consuming. When you get down to it, our method is simply to ask:
它不必非常正式或耗时。当你谈到它时,我们的方法只是问:
- "what's the probability of this occurring?"
- "what's the impact if this occurs?"
- "how well will we be able to handle the problem?"
“发生这种情况的概率是多少?”
“如果发生这种情况会有什么影响?”
“我们能够多好地处理这个问题?”
You give a score from 1 to 10 to all criteria, multiply them, and take preventive care of risks in decreasing order (we also have a threshold above which a risk is considered unacceptable and must be mitigated).
您给出所有标准的1到10分,乘以它们,并按降序对风险进行预防性处理(我们还有一个阈值,高于该阈值时,风险被认为是不可接受的,必须予以减轻)。
You might also add a fourth question on how much it costs to reduce the risk at the source (being in the medical industry, we don't: a risk that's considered unacceptable for the patient's health must be lowered, regardless of the cost, or that feature must be dropped)
您可能还会增加第四个问题,即降低源头风险的成本(在医疗行业,我们不会:无论成本如何,都必须降低被认为对患者健康无法接受的风险,或者必须删除该功能)
#2
I've never been involved in a project that did much formal risk analysis. However; we do slightly less formal risk analysis all the time - we're constantly making lists of things that could blow up in our faces, what we're planning to do to prevent the explosion, and what we will do if we're unsuccessful in preventing it, and it happens.
我从未参与过进行过多正式风险分析的项目。然而;我们总是做一些不那么正式的风险分析 - 我们不断列出可能在我们面前爆炸的事情,我们计划采取哪些措施来防止爆炸,以及如果我们不成功,我们将采取的措施防止它,它发生了。
I've been very impressed with the material in Waltzing With Bears: Managing Risk with Software Projects. They offer a very formal risk analysis process, but their analysis and insights are valuable on much less formal risk analysis, as well.
我对Waltzing With Bears:使用软件项目管理风险的材料印象深刻。它们提供了非常正式的风险分析过程,但是他们的分析和见解对于更不正式的风险分析也是有价值的。
#3
There are several types of risk that should be taken into account when approaching a project:
在接近项目时应考虑几种类型的风险:
- Risk of not implementing - The risk posed if the project fails, or if the project is terminated
- Risk of missed requirements - The risk that requirements will be missed
- Organizational risk - The risk created by any organizational changes caused by the change
未实施的风险 - 项目失败或项目终止时产生的风险
错过要求的风险 - 错过要求的风险
组织风险 - 由变更引起的任何组织变更所产生的风险
Additionally, there are feature specific risks:
此外,还存在特定于功能的风险:
- Integration risk - The risk that integrating a feature will cause the system to stop functioning properly
- Regression risk - The risk that the feature will cause other features to not work
- Security risk - The risk that a feature will not provide adequate protection to the system (introduce an exploit)
集成风险 - 集成功能的风险将导致系统停止正常运行
回归风险 - 该功能将导致其他功能无法工作的风险
安全风险 - 功能无法为系统提供足够保护的风险(引入漏洞)
In terms of analysis, it is important to identify the project risks qualitatively so that the team is aware of these. They are primarily mitigated by communication plans. For the feature specific risks, it is important to identify the specific risks quantitatively. Typically, the architect should document integration and security risks, and the QA team should be responsible for regression risk. I have found that there really are no tools that can do this as well as a good team that communicates well.
在分析方面,重要的是要定性地识别项目风险,以便团队了解这些风险。它们主要通过沟通计划来缓解。对于特定功能的风险,定量识别特定风险非常重要。通常,架构师应记录集成和安全风险,QA团队应负责回归风险。我发现确实没有可以做到这一点的工具以及一个沟通良好的优秀团队。
#4
Risk analysis is a fancy way of saying "covering my arse when things go tits up", and as such is an excellent way of dodging blame when things don't work out as planned (which, in software engineering, is pretty much always).
风险分析是一种说“在事情顺利进行时掩盖我的屁股”的一种奇特的方式,因此当事情没有按计划进行时(这在软件工程中,几乎总是如此)是一种避免责备的极好方法。
Risk Analysis: Point out all the things that can go wrong, write them up in a pretty .pdf, and send them to your pointy haired bosses.
风险分析:指出所有可能出错的事情,用漂亮的.pdf写出来,然后把它们发给你尖头发的老板。