GURU NANAK INSTITUTIONS TECHNICAL CAMPUS

(Autonomous)

SOFTWARE ENGINEERING (22PC0AM03)

II B.Tech- Sem-1

UNIT-5
Metrics for Process and Products &
Risk Management

By
J.N. Chandra Sekhar, Asst Prof

Dept of CSE 1
 SYLLABUS

• Metrics for Process and Products : Software

Measurement, Metrics for software quality.

• Risk management : Reactive vs. Proactive Risk

strategies, software risks, Risk identification,
Risk projection, Risk refinement, RMMM, RMMM
Plan.

Dept of CSE 2
 Metrics for Process And Product

• Software Measurement:
Software measurement can be
categorized as
1)Direct Measure
2)Indirect Measure

Dept of CSE 3
• Direct Measurement
Direct measure of software process include
cost and effort
Direct measure of product include lines of code,
Execution speed, memory size, defects per
reporting time period.
• Indirect Measurement
Indirect measure examines the quality of
software product itself(e.g. :-functionality,
complexity, efficiency, reliability and
maintainability)

Dept of CSE 4
 Reasons for measurement

1. To gain baseline for comparison with

future assessment
2. To determine status with respect to plan
3. To predict the size, cost and duration
estimate
4. To improve the product quality and
process improvement

Dept of CSE 5
 Software Measurement

• The metrics in software Measurement are

▪ Size oriented metrics
▪ Function oriented metrics
▪ Object oriented metrics
▪ Web based application metric

Dept of CSE 6
 Size Oriented Metrics

• It totally concerned with the measurement

of software.
• A software company maintains a simple
record for calculating the size of the
software.
• It includes LOC, Effort,$$,PP
document,Error,Defect ,People.

Dept of CSE 7
 Function oriented metrics

• Measures the functionality derived by the

application
• The most widely used function oriented
metric is Function point
• Function point is independent of
programming language
• Measures functionality from user point of
view
Dept of CSE 8
 Object oriented metric

• Relevant for object oriented programming

• Based on the following
Number of scenarios(Similar to use cases)
Number of key classes
Number of support classes
Number of average support class per key
class
Number of subsystem
Dept of CSE 9
 Web based application metric

• Metrics related to web based application

measure the following
1. Number of static pages(NSP)
2. Number of dynamic pages(NDP)
Customization(C)=NSP/NSP+NDP
C should approach 1

Dept of CSE 10
 Metrics for Software Quality
• Measuring Software Quality
1. Correctness=defects/KLOC
2. Maintainability=MTTC(Mean-time to
change)
3. Integrity=Sigma[1-(threat(1-security))]
Threat : Probability that an attack of
specific type will occur within a given time
Security : Probability that an attack of a
specific type will be repelled
Dept of CSE 11
4. Usability: Ease of use
5. Defect Removal Efficiency(DRE)
DRE=E/(E+D)
E is the no. of errors found before
delivery and D is no. of defects reported
after delivery
Ideal value of DRE is 1

Dept of CSE 12
 Risk Management
• Risk is an undesired event or circumstance that
occur while a project is underway
• It is necessary for the project manager to
anticipate and identify different risks that a
project may be susceptible to.
• Risk Management
It aims at reducing the impact of all kinds of risk
that may effect a project by identifying, analyzing
and managing them

Dept of CSE 13
Reactive Vs Proactive risk
Reactive :
It monitors the projects likely risk and
resources are set aside.
Proactive:
Risk are identified, their probability and
impact is accessed

Dept of CSE 14
 Software Risk
• It involve 2 characteristics
1. Uncertainty : Risk may or may not happen
2. Loss : If risk is reality unwanted loss or
consequences will occur
• It includes
1)Project Risk
2)Technical Risk
3)Business Risk
4)Known Risk
5)Unpredictable Risk
6)Predictable Risk Dept of CSE 15
• Project risk: Threaten the project plan and affect
schedule and resultant cost
• Technical risk: Threaten the quality and
timeliness of software to be produced
• Business risk: Threaten the viability of software
to be built
• Known risk: These risks can be recovered from
careful evaluation
• Predictable risk: Risks are identified by past
project experience
• Unpredictable risk: Risks that occur and may be
difficult to identify
Dept of CSE 16
 Risk Identification
• It concerned with identification of risk
• Step1: Identify all possible risks
• Step2: Create item check list
• Step3: Categorize into risk
components-Performance risk, cost risk, support
risk and schedule risk
• Step4: Divide the risk into one of 4 categories
• Negligible-0
• Marginal-1
• Critical-2
• Catastrophic-3 Dept of CSE 17
• Risk Identification includes
• Product size
• Business impact
• Development environment
• Process definition
• Customer characteristics
• Technology to be built
• Staff size and experience

Dept of CSE 18
 Risk Projection
• Also called risk estimation
• It estimates the impact of risk on the
project and the product
• Estimation is done by using Risk Table
• Risk projection addresses risk in 2 ways
• Likelihood or probability that the risk is
real(Li)
• Consequences(Xi)

Dept of CSE 19
 Risk Projection
• Steps in Risk projection
1. Estimate Li for each risk
2. Estimate the consequence Xi
3. Estimate the impact
4. Draw the risk table
5. Ignore the risk where the management concern
is low i.e., risk having impact high or low with low
probability of occurrence
6. Consider all risks where management concern is
high i.e., high impact with high or moderate
probability of occurrence or low impact with high
probability of occurrence
Dept of CSE 20
 Risk Projection
Risk Category Probability Impact RMMM
Size estimate PS 60% 2
may be
significantly
low
Larger no. of PS 30% 3
users than
planned
Less reuse PS 70% 2
than planned
End user BU 40% 3
resist system

Dept of CSE 21
 Risk Projection

• The impact of each risk is assessed by

Impact values
Catastrophic-1
Critical-2
Marginal-3
Negligible-4

Dept of CSE 22
 Risk Refinement
• Also called Risk assessment
• Refines the risk table in reviewing the risk
impact based on the following three
factors
a. Nature: Likely problems if risk occurs
b. Scope: Just how serious is it?
c. Timing: When and how long

Dept of CSE 23
 Risk Refinement

• It is based on Risk Elaboration

• Calculate Risk exposure RE=P*C
Where P is probability and C is cost of
project if risk occurs

Dept of CSE 24
 Risk Mitigation Monitoring And
Management (RMMM)
• Its goal is to assist project team in
developing a strategy for dealing with risk
• There are three issues of RMMM
1)Risk Avoidance

2)Risk Monitoring and

3)Risk Management

Dept of CSE 25
 Risk Mitigation Monitoring And
Management (RMMM)
• Risk Mitigation
Proactive planning for risk avoidance
• Risk Monitoring
- Assessing whether predicted risk occur or not
- Ensuring risk aversion steps are being properly
applied
- Collection of information for future risk analysis
- Determine which risks caused which problems

Dept of CSE 26
 Risk Mitigation Monitoring And
Management (RMMM)
• Risk Management
- Contingency planning
- Actions to be taken in the event that
mitigation steps have failed and the risk
has become a live problem
- Devise RMMP(Risk Mitigation Monitoring
And Management Plan)

Dept of CSE 27
 RMMM plan

• It documents all work performed as a part

of risk analysis.

• Each risk is documented individually by

using a Risk Information Sheet.

• RIS is maintained by using a database

system
Dept of CSE 28