Risk Analysis


1 Learning Objectives: Financial engineers and software engineers have very different views about risk. The pupose of this assignment is to help you see if any of the ideas from financial engineering can be used in software engineering.
2 Setting: For a variety of reasons that are not important, your company decided to create two completely independent implementations of the same software product. They plan on deploying only one of the two. You must perform a risk analysis to help them determine which of the two products to deploy.
3 Data: The two implementations can both fail in a variety of different ways. Specifically, implementation 1 (I1) can fail in 14 different ways, with the following failure rates and costs per failure: 
          Failures      Cost per
          per 1000       Failure
           Trials      (in $1000s)
          
              3           12.1
              1           56.9
              2           37.8
              9            5.8
              5           10.2
              3           66.7
              8           77.1
              4           38.3
              9          104.2
              1           65.9
              1           67.0
              0            0.0
              7            2.1
              6           24.9

Similarly, implementation 2 (I2) can fail in 11 different ways, with the following failure rates and costs per failure: 

          Failures      Cost per
          per 1000       Failure
           Trials      (in $1000s)
          
              5            40.0
              6            41.0
              6            41.0
              5            40.0
              6            41.0
              5            41.0
              5            40.0
              6            41.0
              6            41.0
              5            40.0
              6            41.0

The different failures are completely unrelated. So, we can think of each different failure as an outcome. In addition, appealing to the strong law of large numbers, we can think of the the failure rate as the probability of that outcome. (Note: When an implementation doesn't fail it has a failure cost of $0.)

4 Questions: Answer all of the following questions. Show all of your work.
  1. What is the expected failure cost for I1?

  2. What is the expected failure cost for I2?

  3. Using only these two values, which of the implementations would you recommend (or is it a "toss up")? Why?

  4. Using the expected values and the information about the failure rates and costs, which of the implementations would you recommend (or is it a "toss up")? Why?

  5. What is the standard deviation of the failure cost for I1?

  6. What is the standard deviation of the failure cost for I2?

  7. Using the both the expected values and the standard deviations, which of the implementations would you recommend (or is it a "toss up")? Why?

  8. Which do you think is the better measure of risk, the expected failure cost or the standard deviation of the failure cost? Why?

  9. In many situations (as discussed in the textbook), it is impossible to quantify probabilities and costs. How might you apply the ideas in the previous questions in such situations?

  10. How does your answer to the previous question affect the way you view avoidance strategies, minimization strategies, and contingency plans?

5 Submission: Your answers to these questions must be submitted using the normal submission process. (See the relevant course policy.)
6 Visibility: Your answers to the last three questions will be made public. Your answers to the other questions will be kept private.
Department of Computer Science

Copyright 2009