Department of Computer Science

Team Members
Daniel Andargie

Misganaw Abebe

Samuall Tesfaye

Yihenew Getachew

Submitted To: Dr. Dida Midekso

Contents
Table of Tables ......................................................................................................................................... 3
1. Introduction ........................................................................................................................................... 1
2. Roles and Responsibilities .................................................................................................................... 1
3. Risk Assessment ................................................................................................................................... 2
3.1 Risk Identification ......................................................................................................................... 2
3.2. Risk Analysis & Prioritization ...................................................................................................... 4
4. Risk Control .......................................................................................................................................... 6
4.1 Planning Strategy .......................................................................................................................... 7
4.2 Risk Resolution ............................................................................................................................. 9
4.3 Risk Monitoring .......................................................................................................................... 11
Table of Tables
Table 1: Roles and Responsibilities .............................................................................................................. 2
Table 2: Identified Risks ............................................................................................................................... 4
Table 3: Probability of Risk Occurrence....................................................................................................... 4
Table 4: Risk impact degree ......................................................................................................................... 5
Table 5: Risk Score table .............................................................................................................................. 5
Table 6: Risks with their impact and priority ............................................................................................... 6
Table 7: Planning Strategies ......................................................................................................................... 9
Table 8: Risk Resolution ............................................................................................................................. 11
Table 9: Risk Monitoring ............................................................................................................................. 11
 1. Introduction
Projects especially software based are susceptible for risks since it is a way of teaching machines
to do as a desire of us. So, to overcome those potential threats in either of the four ways which are
Avoidance, Reduction (Mitigation), Transference (Insure) Or Acceptance (Retention); we are
preparing this risk management plan.
Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting
risks. Risk management starts with a plan that defines the scope and process for the identification,
assessment, and management of risks which could impact the implementation of the project. This
Risk Management Plan defines how risks associated with a Timetable Scheduling System project
will be identified, analyzed, and managed. It outlines how risk management activities will be
performed, recorded, and monitored throughout the lifecycle of the project and provides templates
and practices for recording and prioritizing risks by the Risk Manager or Risk Management Team.

2. Roles and Responsibilities

Project Manager: The overall • Maintaining this Risk Management Plan
coordinator of the Risk • Briefing the team on the status of risks
Management Program. • Tracking efforts to reduce moderate and high risk to
acceptable levels
• Providing risk management training
• Facilitating risk assessments and
• Preparing risk briefings, reports, and documents required
for Project Reviews
Project Team: Responsible • Participate in the update to project risk assessments made
for identifying, monitoring during the previous review period.
and managing risks • Review and recommend any changes to the risk
assessments made and the risk mitigation plans
proposed.
• Report new risks to the Project Manager via e-mail or
Telegram

1|Page
 • Accomplish assigned mitigation tasks and report
status/completion of mitigation actions to the Project
Manager.
End Users The end users will participate in the project. The End Users may
identify risks and should pass the information through the
Project Team. All risk identification, tasking, and reporting will
be handled through the project team member(s) assigned to the
End User.
Table 1: Roles and Responsibilities

3. Risk Assessment
Risk assessment is the act of determining the probability that a risk will occur and the impact that
event would cause. This part helps us to get better understanding on what kind of risks that we
may face and their possible consequences.

3.1 Risk Identification

Although there are different approaches to identify risks of a project, we used some of these techniques.
Which are:

• Brainstorming: we the group members do anticipate what the hinderances we are going to face.
• Interviewing: we interviewed some people who are part of a school.
• Root Cause Analysis: since knowing the cause of a risk leads to some other risks, we collected
other threats in such a way too.
• Assumption Analysis: standing from the assumptions we considered when we specify the project,
we picked up risks.

Risk Category Risk Cause Effect

Time Schedule overrun The programmers Schools may give the project
don’t submit their for other developers.
deliverables on The project components
time. continuity may get a
discrepancy.
Cost Devices get The cost inflation We can’t buy the devices we
expensive need to work on the project
with in the planned expense
Unexpected expenses Our desire to use We may run out of money to
some other cover the unanticipated costs
resources than we confront. It will lag the
planned project schedule.
Devices need to be The fallibility of We may run out of money for
fixed machines the repair payment of the
fixation.
Resource Devices get non- The fallibility of We will get lag from the
functional machines schedule unless it either gets
fixed or replaced
Skill gap The lack of a programmer can’t keep up
experience on with others, this results in the
programming delay on the project
Knowledge gap The programmer It may take a time to fill the
mayn’t know the knowledge gap, since
framework and the someone have to learn before
programming working on something
language to be used.
Code not portable The updates made The component from the
by some updated device may need to
programmers solely be changed or reprogrammed
Lack of motivation Our personal life or The project will get lag from
intimacy level the schedule or even stop
proceeding
Scope All features not done The time, cost, Stakeholders will get
resources shortage disappointed and mayn’t
accept the system
Poor Communication The concern only Stakeholders mayn’t expect
with stakeholders on the technical part what is done, due to their
of the system
 information gap on what is to
be done and not to be done
Communication Poor Communication The manager’s lack The components done
among programmers of experience on separately may get non-
management compatible with each other
Environmental Social Insecurity The political issue We mayn’t get motivated to
our mother land proceed working on our
confronts project this leads to lag or
stoppage of the project
Internet Connection The government The delay on the project is
Blockage order for the going to be inevitable, since
internet connection internet connection is an
to be stopped essence for programmers.
Table 2: Identified Risks

3.2. Risk Analysis & Prioritization

To control risks, at the level of assessment they must be clearly defined and be well known. Analysis of
the identified risks is done using two components that clearly states their occurrence and hazard; these
are: Probability of the Risk Occurrence and Impact of the Risk if it occurs.

By the following table, the probability of the risk’s occurrence catalogue is illustrated

Probability Range Description of the Average percentage Numeric Score

probability of the probability
91% - 100% VERY LIKELY to 95.5% 5
occur
61% - 90% LIKELY to occur 75.5% 4
41% - 60% PROBABLY it may 50.5% 3
occur
11% - 40% UNLIKELY to occur 25.5% 2
1% - 10% VERY UNLIKELY to 5.5% 1
occur
Table 3: Probability of Risk Occurrence

By the following table, the impact of the risks catalogue is illustrated

 Impact Description Impact Numeric Score
A risk that, if it occurs, would cause CRITICAL 20
project failure
A risk that, if it occurs, would cause major Serious 15
cost/ schedule increase. Non-functional
requirements may not be achieved.
A risk that, if it occurs, it would cause Moderate 10
moderate cost/ schedule increase, but
important requirements would still
be met.
A risk that, if it occurs, it would cause Minor 5
only a small cost/ schedule increase.
Requirements would still be achieved.
A risk that, if it occurs, it would have no Negligible 1
effect on the project.
Table 4: Risk impact degree

The following table shows the degree of impact with its occurrence of a risk

Impact
Probability Critical(20) Serious(15) Moderate(10) Minor(5) Negligible(1)
Very Likely to occur(5) 100 75 50 25 5
Likely to occur(4) 80 60 40 20 4
Probably it may 60 45 30 15 3
occur(3)
Unlikely to occur(2) 40 30 20 10 2
Very Unlikely to 20 15 10 5 1
occur(1)
Table 5: Risk Score table

The following table illustrates the analysis of every risks considering their likelihood of happening with
their corresponding impact on the overall process of the project. And also the risk owner who is
responsible for monitoring and taking action is stated as the division of labor on SPMP document. The
risk priority is the product of risk’s likelihood and its severity; the higher the product is the relatively
more prioritized the risk becomes.
 Risk Risk Risk Risk Owner Risk Priority
Probability Impact (impact*probability
Schedule overrun 3 15 PM(Daniel 45
Andargie)
Devices get expensive 4 15 RM(Samuel 60
Tesfaye)
Unexpected expenses 3 5 RM(Samuel 15
Tesfaye)
Devices need to be fixed 3 15 RM(Samuel 45
Tesfaye)
Devices get non-functional 2 20 RM(Samuel 40
Tesfaye)
Skill gap 2 15 All Members 30
Knowledge gap 1 15 All Members 15
Code not portable 4 15 All Members 60
Lack of motivation 3 20 PM (Daniel 60
Andargie)
All features not done 4 15 All Members 60
Poor Communication with 4 20 RM (Samuel 80
stakeholders Tesfaye)
Poor Communication among 3 15 PM (Daniel 45
programmers Andargie)
Social Insecurity 3 20 All Members 60
Internet Connection Blockage 3 15 RM (Samuel 45
Tesfaye)
Table 6: Risks with their impact and priority

4. Risk Control
Since it is essential to monitor the progress of the product and the mitigation of the risk items after
risks are identified, analyzed, and prioritized, the controlling mechanisms are to be taken by the
strategies to be listed. This monitoring can be done as part of the team project management
activities by using risk plan, risk resolution and risk monitoring mechanisms.
 4.1 Planning Strategy
We specified the corresponding strategy for each risk we will confront. These strategies are:

• Avoidance: -The team changes the project plan to eliminate the risk or to protect the
project objectives from its impact. The team might achieve this by changing scope,
adding time, or adding resources
• Reduction: - involves reducing the strictness of the loss or the likelihood of the loss
from occurring
• Transference: -The team transfers the financial impact of risk by contracting out some
aspect of the work.
• Retention: - Involves accepting the loss, or benefit of gain, from a risk when it occurs.
Which means the project manager and team decide to accept certain risks.

Risk Risk Title Risk Risk Definition Strategies To

No. Probability Manage Risk

R1 Schedule 3 Is a type of risk that occurs Risk reduction

overrun when the programmers don’t
submit their deliverables on
time.

R2 Devices get 4 Is a type of risk that occurs Risk reduction

expensive when The cost inflation.

R3 Unexpected 3 Is a type of risk that occurs Risk retention

expenses when there is a desire to use
some other resources than
planned.

R4 Devices need to 3 Is a type of risk that occurs Risk reduction

be fixed when there is a fallibility of
machines
R5 Devices get 2 Is a type of risk that occurs risk avoidance
non-functional when there is a fallibility of
machines

R6 Skill gap 2 Is a type of risk that occurs Risk reduction

when there is lack of experience
on programming within team
members.

R7 Knowledge gap 1 Is a type of risk that occurs Risk reduction

when The programmer mayn’t
know the framework and the
programming language to be
used.

R8 Code not 4 Is a type of risk that occurs risk avoidance

portable when The updates made by
some programmers solely

R9 Lack of 3 Is a type of risk that occurs Risk reduction

motivation when we cannot keep Our
personal life or intimacy level
always up.

R10 All features not 4 Is a type of risk that occurs Risk reduction
done when There is time, cost,
resources shortage

R11 Poor 4 Is a type of risk that occurs Risk reduction

Communication when the concern only on the
with technical part of the system
stakeholders

R12 Poor 3 Is a type of risk that occurs Risk reduction

Communication when the manager’s lack of
experience on management
 among
programmers

R13 Social Insecurity 3 Is a type of risk that occurs Risk retention

when the political issue our
mother land confronts

R14 Internet 3 Is a type of risk that occurs Risk retention

Connection when the government order for
Blockage the internet connection to be
stopped

Table 7: Planning Strategies

4.2 Risk Resolution

This part describes the according action to be taken for each risk identified.

Risk No. Risk Title Risk Resolution Risk Definition

R1 Schedule • Make the programmers Is a type of risk that

overrun to work overtime to cop occurs when the
up with the schedule programmers don’t
submit their deliverables
on time.

R2 Devices get • Buy devices as soon as Is a type of risk that

expensive possible occurs when The cost
• Adding budget inflation.

R3 Unexpected • Try to limit the desires Is a type of risk that

expenses • Allocating reserve occurs when there is a
budget for unexpected desire to use some other
resources than planned.
expenses

R4 Devices • According to the failure Is a type of risk that

need to be status of the machines if occurs when there is a
fixed the failed device is fallibility of machines
maintainable try to
maintain it if not replace
 the device with a new
one.

R5 Devices get • If a device get non- Is a type of risk that

non- functional replace the occurs when there is a
functional device with a new one fallibility of machines

R6 Skill gap • If there is a skill gap Is a type of risk that

among team members try occurs when there is lack
to develop it by reading of experience on
programming within team
and practicing
members.
• Organize training
sessions

R7 Knowledge • Organize training Is a type of risk that

gap sessions specific to the occurs when The
framework and programmer mayn’t know
the framework and the
programming language
programming language to
be used.

R8 Code not • Provide sessions for the Is a type of risk that

portable programmers to occurs when The updates
communicate in order to made by some
programmers solely
solve portability
problems.
• Review implementation
design.
• Ensure implementation
design is well followed.

R9 Lack of • Setup entertainment and Is a type of risk that

motivation refreshment sessions. occurs when we cannot
• Appreciate and reward keep Our personal life or
intimacy level always up.
team members that
performed well.

R10 All features • Apply more efforts on Is a type of risk that

not done lacking areas of progress. occurs when There is
time, cost, resources
shortage
 R11 Poor • Assert the necessity of Is a type of risk that
Communica communications. occurs when The concern
tion with • Make enough time and only on the technical part
stakeholders of the system
understanding to
maintain good
communicative
environment.

R12 Poor • Arrange social Is a type of risk that

Communica engagement sessions and occurs when The
tion among coffee time. manager’s lack of
programmer experience on
s management

Table 8: Risk Resolution

4.3 Risk Monitoring

What Owner Time
Estimate
Monitoring: Risk owners are responsible for
monitoring their risks and notifying the PM via e-mail
Risk Owners, Risk Manager 4 hours
or telegram when a trigger occurs and that the response
plan has been initiated.
New Risk Identification: Any stakeholder can
identify additional risks. The stakeholder should notify
Stakeholders, Project Team 1 hour
the project manager of the new risk (or possible risk)
via e-mail or telegram.
Audits: The PM will be responsible for overseeing risk 2 hours per
PM and RM
activities and ensuring the risk register is updated. month
Review: The project team will review the project’s 1 hour per
Project Team
risks biweekly (in every weekly team meeting). month
Reporting: The PM maintain a Risk Log in the project
repository. The Risk Log will contain a list of risks 1 hour per
PM
that are active on the project, the priority of the risk, month
the assignment, and a current status.
Table 9: Risk Monitoring