CMMI评审（三）

风险管理相关问题

CMMI （Capability Maturity Model Integration For Software，软件能力成熟度模型集成）是在CMM（Capability Maturity Model For Software，软件能力成熟度模型）的基础上发展而来的。CMMI是由美国卡耐基梅隆大学软件工程研究所（Software Engineering Institute，SEI）组织全世界的软件过程改进和软件开发管理方面的专家历时四年而开发出来的，并在全世界推广实施的一种软件能力成熟度评估标准，主要用于指导软件开发过程的改进和进行软件开发能力的评估。

1.请描述在项目计划期间如何识别和评估风险？ Please describe about how to recognize and evaluate risk in project planning

通过组织级的风险数据表，结合项目的实际情况，形成项目的风险管理报告，在项目风险管理报告中定义了风险的参数，分类，优先级，并根据风险参数的高低对不同的风险制定相应的管理策略（接受，减弱，规避，转移）
风险管理策略：接受，减弱，规避，转移　
风险参数：概率，影响，风险值，阀值（1.0）　　
风险排序：风险值越高的优先级越高，风险值相同时按风险概率越高的优先级越高　　
风险评估：根据风险参数中定义的评价原则，确定风险的概率、风险影响并计算风险值
针对每个风险，都要制定应对措施
The risk of data level, combined with the actual situation of the project, the formation of risk management report of the project, in project risk management report risk parameters, the definition of classification, priority, and according to the level of risk parameters for different risk to develop appropriate management strategies (accept, weaken, avoid, transfer)
Risk management strategies: acceptance, mitigation, avoidance, transfer
Risk parameter: probability, effect, value of risk, threshold (1)
Risk ranking: the higher the risk value is, the higher the risk value is, the higher the risk probability is, the higher the priority is
Risk assessment: according to the evaluation principle defined in the risk parameter, the probability of risk, the influence of risk and the value of risk are determined
For each risk, it is necessary to formulate Countermeasures

2.风险参数有哪些？What risk parameter are used?

(1)在公司的过程体系文件《风险管理过程》中，定义了风险的参数，风险参数包括风险概率和风险影响，风险值，阀值。
In company process system document ,risk management process,whre has defined the risk value, The risk value include risk rate and risk effect, risk value, the threshold .

(2)通过自然语言表达来来选择每个风险概率范围以及概率值,风险概率分三级，分别是1%至14%、15%至39%、40%至60%、61%至85%、86%至99%，对应为非常不可能、不太可能、一半一半、可能、几乎肯定，同时对应的计算值为10%、35%、50%、65%、90%；
The natural language expression to select each risk probability range and probability, the probability of risk is divided into three levels, rnamely 1% to 14%, 15% to 39%, 40% to 60%, 61% to 85%, 86% to 99%, corresponding to very unlikely, unlikely, half and half, probably, almost certainly, at the same time, the corresponding calculation a value of 10%, 35%, 50%, 65%, 90%;

(3)对每个风险进行计算其风险值，计算方法为风险概率×风险影响
calculate every risk about the risk value. Calculation way= risk rate × risk effect

3.如何进行风险识别? How to recognize risk?

(1)一方面可以通过类比法，通过获取组织财富库中《风险数据表》和历史类似项目积累的风险数据《项目风险管理报告》来识别风险。另一方面，项目经理组织合适人员组成小组，根据项目目标、项目的制约因素和假设条件、与本项目具有相关性的历史资料以及过去的经验教训等信息通过头脑风暴法分析得出项目的可能风险。
On the one hand, the risk can be identified by the method of analogy, which is based on the risk data obtained from the organization asset library and historical similar projects, the project risk management report.
On the other hand, the project manager to organize appropriate staff team, according to the analysis of possible risk factors of project project objectives, project and assumptions, this project has correlation with the historical data and the experience and lessons of information through brainstorming.

(2)识别出的项目风险通过项目周报和会议的形式记录在《项目风险管理报告》中，并在《项目风险管理报告》中分析了风险概率和风险影响，制定缓解措施。
Record the recognized project risk in risk management report by weekly report and weekly meeting. And analysis risk rate and risk effect, to make controling measures.

4.如何进行评估、分类及排序风险？ How to evaluate, clarrify and rank risk?

按风险的概率和影响对风险进行评估，计算出风险的风险值，对风险值进行排列优先顺序，风险值越高的优先级越高，风险值相同时按风险概率越高的优先级越高。
Evaluation as the percentage and effect of the eisk, to calculate risk value, optimizing risk value. The higher the risk value is, the higher the risk rate, to opyimize advanced.

5.你了解风险管理的方针吗？ Do you understand risk management policy?

风险管理（Risk Management, RSKM）的目的在于识别潜在的问题，以便策划处理风险的活动（识别、分析评估和缓解）和在必要时在整个项目生存周期中实施这些活动，缓解不利的影响，实现项目目标。
Risk Management, RSKM, the purpose is to recognize the potential problem, so as to plan and handle risk activities( recognize, analysis evaluation and control) and implement thses activities in necessary, to release disadvantage effect, and accomplish the project goal.

6.公司对风险管理的提供了那些资源 has the company provide any resource for risk management?

体系文件，模板，风险管理的责任人员，资金等 system document, module, risk management

7.由哪些人对风险进行识别、分析、缓解、跟踪？ Who will recognize, analysis, control and track risk?

项目组长、组员、开发部经理等 project team leader, team members, development manager.

8.是否接受过项目风险管理的培训？ Have received any training about risk management?

项目组相关人员经过风险管理的培训。 Relative team members participate in risk management

9.风险管理的哪些工作产品纳入了配置管理？ What work products about risk management will ba taken into configuration management?

《项目风险管理报告》RSKM report

10.如何确保相关人员参与到风险管理活动？How to ensure the relative person to participate in risk management activities?

项目经理主持召开周例会；相关共利益者根据《项目风险报告》中明确风险的责任人。 Project manager hold weekly meeting; according to project risk report, the common benificiary will define who will be responsible for risk.

11.如何监督和控制风险管理过程活动？ How to supervise and control process activities of risk management

项目组长通过《项目风险报告》，在每个里程碑处或风险检查点，跟踪风险、缓解措施、解决措施的状态。
Based on project risk report, project team leader will track the condition of risk, control, solution in every milestone or risk checking point

12.谁负责评价风险管理过程是否与公司流程规范一致？ Who will be responsible for evaluate risk management process to meet compaany standard?

高管通过里程碑评审定期了解项目的风险情况，在QA对问题检查中发现重大问题也会向高管汇报 senior manager understand project risk condition by milestone review. If QA find any serious problem, QA will report to senior manager.

13.是否建立已定义风险管理过程？Has set up the defined risk management process?

《项目已定义过程》 process defined process.

14.如何收集风险管理过程活动改进信息？How to collect activity improvement information in risk management process

过程改进建议单，过程改进信息跟踪 process improvement suggestion list, process improvement tracking

15.风险管理的经验如何纳入组织资产库 how will the risk management be considred into organization asset library

项目的风险管理报告会纳入组织财富库的项目管理经验区及新的风险会纳入风险数据表 project risk management report will be added into project management experience area in organization asset library. And any new risk will be added into data list.