## Sea

FIGURE 17-25. Variation of risk identification products with management level (ONAS P4855-X).

17-8 With the explosion of computer hardware and software during the 1970s and 1980s, companies began developing models to assess the technical risk for the computer hardware and software effort. One such model is discussed in this problem. Although some people contend that there may still exist applicable use for this model, others argue that the model is obsolete and flawed with respect to current thinking. After reading the paragraphs below, explain why the model may have limited use today for technical risk management.

Previously, we showed that risk quantification could be found by use of an expected-value calculation. However, there are more sophisticated approaches that involve templates combined with the expected-value model. Here, we can develop mathematical expressions for failure and risk for specific types of projects.

Risk can be simply modeled as the interaction of two variables: probability of failure (Pf) and the effect or consequence of the failure (Cf). Consequences may be measured in terms of technical performance, cost, or schedule. A simple model can be used to highlight areas where the probability of failure (Pf) is high (even if there is a low probability of occurrence). Mathematically, this model can be expressed as the union of two sets, Pf and Cf. Table 17-14 shows a mathematical model for risk assessment on hardware-software projects. In other words, the risk factor (defined as Pf X Cf) will be largest where both Pf and Cf are large, and may be high if either factor is large.

In this case, Pf is estimated by looking at hardware and software maturity, complexity, and dependency on interfacing items. The probability of failure, Pf, is then quantified from ratings similar to the factors in Table 17-14. Cf is calculated by looking at the technical, cost, and schedule implications of failure. For example, consider an item with the following characteristics: