Practical Risk Management: Framework and Methods

Although most programs and organizations implement some type of risk management approach, preventable failures continue to occur. Many of these approaches tend to be bureaucratic and time-intensive, which can consume valuable program resources. Most programs would benefit by improving, or in some cases replacing, their current risk management practices.

SEI Mosaic is a suite of practical and innovative methods that can be used to systemically manage risk across the life cycle and supply chain. It builds on older, more traditional approaches to risk management such as CRM and OCTAVE. Mosaic enables decision makers to more efficiently engage in the risk management process, navigating through a broad tradeoff space (including performance, reliability, safety, and security considerations, among others) and strategically allocating their limited resources when and where they are needed the most.

This two-day course provides the foundation for a more practical approach to risk management that builds from a straightforward, broad-view method to a complex array of techniques needed for in-depth analyses of complex risks. Through an interactive learning environment using discussion, examples, worksheets, and exercises, participants will be able to grasp the essentials of the practical, easy-to-use techniques.

The course progresses as follows.

• Introduction to a small set of success and failure drivers used to evaluate the current state of a software-intensive program. This driver foundation is the central theme of the practical approach to managing risks.
• Description and application of a framework and methods for managing risk, including risk identification and mitigation as well as preparing for and sustaining good risk management practice
• Description and application of a technique for evaluating an existing risk management practice from two points of view:
  • outputs: are the appropriate activities and required results of risk management present?
  • success: is the risk management practice effective?
• A review of some of the more common standards and guidelines for how to perform risk management, and how Mosaic's practical approach aligns with those standards. (Typical standards considered in this course include the CMMI, Defense Acquisition University (DAU) guidance, and IEEE.)
• Examination of several alternative means of implementing this practical approach to risk management.

Who should attend?

• project managers, lead engineers, software engineers
• risk managers and others performing risk management activities
• those involved in process improvement such as EPG and SEPG members, CMMI lead appraisers, and change or technology transition agents
• those from related disciplines such of quality assurance, acquisition, security, IT

Topics

• Drivers of success and failure
• Risk management framework
• Mosaic: Practical risk management activities
  • assessing risks
  • planning for risk mitigation
  • implementing mitigation plans
• Preparing for risk management
• Sustaining risk management
• Evaluating your risk management practice
• Alignment with risk management standards
• Implementing practical risk management

Objectives

• Understand core risk management concepts
• Understand how to apply the success and failure drivers
• Adapt and tailor the Mosaic risk management methodology to their program's needs and constraints
• Be able to apply Mosaic risk management methods
• Be able to evaluate an existing risk management practice for completeness and effectiveness

Prerequisites

There are no prerequisites for this course. It is recommended that participant have a minimum 2-3 years of experience in the fields of development or acquisition of software intensive systems, or project management.

Materials

Students will receive the complete set of slides; a course workbook of templates, examples, and exercises; and handouts of related papers and reference materials.

Schedule

This two day course meets the following times:
Days 1-2, 8:30 am - 5:00 pm (U.S. Locations)