Download 2. Risk Analysis and Mitigation

Risk Management Plan
Geographical Auto-Delivery System
Risk Management Plan
Version:
Date:
Author:
Status:
1.0
13 December 2010
Yousef Aloumi
Final
Risk Management Overview
Risk management is a main part of this project, where it may affect the project success overall.
Therefore, a good risk analysis should be obtained in order to analyze all major and minor risks
that may occur. Moreover, risks have been classified into five different types, User risks, Legal
risks, Financial risks, Technical risks and Schedule risks. User risks are concerned with issues
facing customers while using the application. Legal risks are defined as issues that could cause
legal actions against GAS, if not resolved. Financial risks occur when a company does not have
the sufficient amount of cash flow to handle all financial obligations. However, this project is
completely funded, although, that amount of funding should still be maintained. Technical risks
are an important component of this analysis, whereas GAS essentially rely on good maintained
service without any kind of defects. Finally, Schedule risks explain the issues we would
encounter while distributing the application and starting the service. All these risks can be
managed and mitigated in order to produce GAS.
1. Risk Management Strategies
Risk strategies are approaches that can be chosen to handle risks identified. However, these
approaches are selected based on the severity of the risk with respect to its impact and
probability of occurring. The following is a list of the strategies elected:
1. Acceptance: accept the risk as it is, and not take any action towards it, until it occurs.
Though, there are two types of acceptance, active and passive,
a) Active acceptance is creating a plan that overcomes the accepted risk incase it arises.
b) Passive acceptance is often selected for minor risks that do not have any affect if occurs.
2. Avoidance: it is altering the plan in order to prevent or minimally reduce the probability of
risk from occurring.
F1
Risk Management Plan
Geographical Auto-Delivery System
3. Mitigation: a strategy that aims on reducing the probability and impact of the risk by
resolving it. This approach is mainly recommended to be used only if the risk cannot be
avoided.
4. Transference: it is basically outsourcing the risk to a third party in which can handle the
outcome of that risk.
2. Risk Analysis and Mitigation
Figure 1. GAS Risk Key Matrix which lists all possible risks, indicating the probability and
impact of each risk rating each from very high to very low.
2.1 Legal Risks
L1: Distracted Driving
Impact: High
Probability: Very High
Distracted driving has been a major problem in our society causing a huge number of accidents
every day. With all these new map guidance technologies, distraction is still occurring causing
the lives of many people. In 2008, almost 6,000 people were killed and 500,000 were injured in
crashes related to driver distraction. Therefore, this risk is considered to be the highest risk where
is listed in the red zone of the risk key matrix.
Moreover, GAS is a map guided phone application, thus, it will still cause this kind of
distraction. However, while researching solutions for this risk, it has been concluded that the risk
F2
Risk Management Plan
Geographical Auto-Delivery System
cannot be completely eliminated, but it can be potentially reduced with reasonable mitigation.
Mitigation: Voice Commands: a Text to Speech system would be a potential mitigation in
reducing this risk probability and impact. This system would allow the user to input and receive
information in a hands free manner.
Mitigation: Audible Alerts: alarm tones are helpful in reducing distraction driving where the
smart phone device specifies ringtones that the user can identify and determine the right action to
be taken while driving.
Source: http://www.cell-phone-plans.net/blog/cell-phones/cell-phones-text-messaging-and-caraccident-information-for-all-drivers/
2.2 Financial Risks
F1: Business Participation
Impact: Very High
Probability: Low
Another major risk for this project is getting as much businesses possible to participate, where if
otherwise it may lead to a complete failure of the project, in which our application relies fully on
businesses and what they offer. Therefore, if GAS do not have enough businesses, it will then
won't be able to present the needed information for customers. However, we have listed this risk
as a low probability of occurring because many businesses need this new type of advertisement
especially for a significantly low price.
Mitigation: Marketing Plan: to overcome this issue, our application should have a well planned
advertisement and marketing plan where it can then gather as much businesses possible to lead
this project into success.
Mitigation: Viral Marketing: a web based technique that it is used as a part of the marketing
plan in which our application can be advertised through well populated websites especially social
networking websites such as Facebook and Twitter.
2.3 Schedule Risks
S1: Business Participation
Impact: Very High
Probability: Low
Business participation is needed in order to start the service of this application. Without the
minimum number of required businesses which is 50 businesses, we then cannot offer the
information and service required to G.A.S customers.
Mitigation: Marketing Plan: GAS should have an excellent initial advertisement and marketing
plan to get 50 businesses by time, and start the service to customers. Offering a beta trial of the
application free of charge for businesses and users would be a good advertisement for the
product.
F3
Risk Management Plan
Geographical Auto-Delivery System
S2: Competition Completes First
Impact: Very High
Probability: High
Most of map guidance application have not yet developed the push functionality, that is basically
what GAS is providing, a real time push functionality that informs the user with specific
locations and other useful information. However, phone application development is on the rise,
many companies are producing application on a daily basis. Therefore, one of our biggest risks is
those companies discover this functionality and build an application similar to GAS before we
even produce it. Moreover, this will not affect our application, whereas then it will increase our
competition with other apps that develop this functionality.
Acceptance: We cannot mitigate this risk in any way possible; therefore, we only can accept it
and consider this as competition. Although, it is considered to be a passive acceptance where we
cannot build a plan at the meantime that would overcome this issue.
2.4 Technical Risks
T1: Server Load
Impact: High
Probability: High
In order to start the service with GAS, we have to maintain a server in the most efficient way
possible, where as maintaining its bandwidth and speed. Initially, GAS will start service within
the Hampton Roads area; therefore, it may not have a large significant number of customer and
businesses. However, in the long run, once service area increases, possibly for the whole nation,
then it may affect the server and need a larger server with a huge bandwidth to accommodate all
customers and businesses within the server. This may lead to problems with the server load
capacity and may then lead to crash the server and lose all information, and that is one thing we
defiantly do not need in order for the project to succeed.
Mitigation: Topology based design: a specific calculation that tracks the vehicles motion within
a specific radius. This method would reduce the amount of information that gets into the server;
therefore, it potentially reduces the server load.
Mitigation: VANET (Sensor Networking).
2.5 User Risks
U1: Privacy and Security
Impact: High
Probability: Low
The internet is full of hackers that try desperately to steal and manipulate information from
websites and servers such as personal information. In this case, we then have to protect our data
in the safest way possible to prevent hackers from accessing or stealing our customer and
F4
Risk Management Plan
Geographical Auto-Delivery System
business information, where then it can be catastrophic and can face legal issues.
Mitigation: Wireless Encryption: Most smart phones now have a sort of wireless internet
encryption such as WPA and WPA2 protecting them for sniffers and so on.
Mitigation: Password Hashing: it can be used to overcome this issue, where as a user enters
his/her user name and password through a login page, then the password gets encrypted and
stored into the database, therefore, the users original password cannot be visible.
Mitigation: Firewall: a firewall should be installed to maintain a safe environment for the users.
U2: Business Fraud
Impact: High
Probability: Low
With GAS, businesses can login to their accounts and modify their prices in order to show it to
the customer users. This a new way of advertising businesses in order for customers to see good
deals around the area. However, many businesses could then enter fake prices on GAS in order
to get more customers to their property. Businesses posting fake information would hurt the
application’s reputation among smart phone users.
Mitigation: Business Agreement: an agreement that is constructed between GAS and a business
in order to prevent fraud information from being posted. However, if for any reason a business
enters fake information it would then be black listed from using the application, and could get
legal charges.
F5