NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

The NASA ASIC Guide: Assuring ASICs for SPACE

Chapter Three: Risk Management & Contingency Planning


To prepare ASIC managers for assessment of program risks before and during program execution, and to effectively plan contingency strategies.

Any development program with the magnitude and complexity of an ASIC program carries risk. ASIC managers must balance all the benefits that ASICs offer with their associated risks. This chapter offers ways to minimize risk as well as ways to develop contingency plans should these risks pose a threat to your program.

We have divided this chapter into three discussions: risk assessment, contingency planning, and a practical guide to risk management.

Risk Assessment

In assessing risk, we suggest project managers examine the proposed project at two levels. First, determine if the project risks are acceptable before starting the project. This action forms the basis for building cost and schedule boundaries. For the second level of risk assessment, identify critical program elements requiring close management focus and careful contingency planning.

For the first level of risk assessment, evaluate the requirements set for: ASIC function, performance, power, size, mass, and integration. By considering both the parameters and the parameter margins associated with these requirements, ASIC managers assess whether these requirements meet project objectives. Managers further assess how failure to meet project objectives or modify the requirement affects mission success. Once managers feel comfortable with these basic ASIC requirements, they are ready to consider risks associated with ASIC program implementation.

ASIC program implementation has several areas of risk, from design to assembly and test. These areas are: vendor; technology; tools and library; package; design cycle; quality assurance; and procurement. Most of these risks represent the possibility of changing methodologies during the program. For a list of risks and suggested contingency plans, see "A Practical Guide To Risk Management" at the end of this chapter. After project managers decide to accept these risks, they enter the second level of risk assessment: prioritizing the risks.

When prioritizing the risks, pay particular attention to areas where you are pushing technology limits. These areas require careful monitoring since they carry high risk. For example, if a vendor specifies a 24K maximum routable gate limit and your design calls for using 23.5K gates, then routability represents a significant risk. Once identified, the highest risks call for contingency plans.

Contingency Planning

We urge ASIC managers to plan contingencies because major changes in a program, if unanticipated, can cause catastrophic schedule slips and budget overruns. Contingency plans are backup strategies developed concurrently with working plans in areas that carry a high risk. We recommend revising contingency plans at the reviews for each milestone of the ASIC program.

For an example of contingency planning, consider risks associated with ASIC function. First, to assess risks, understand how well available ASIC technologies can implement the ASIC's function. To minimize risk, choose a target technology that has successfully implemented a design of comparable density and performance. Then, as a contingency, secure plans for using backup technologies that can also implement the ASIC's function, should the target technology fail.

As another example, we illustrate how contingency planning relates to ASIC integration risks. Engineers often choose ASICs as a solution to projects requiring both low power and high performance. They then set power, mass, and size budgets according to anticipated ASIC complexity. However, if they underestimate the required ASIC complexity, they may need to partition the ASIC design into two devices. This doubles the anticipated power, mass, and board space required. This risk alone affects ASIC performance, power, size, mass and integration. If you are pushing the limits of integration for the target ASIC technology, plan contingencies for repartitioning into two devices. For instance, create a workable backup plan requiring more power, mass and board space. If this is not feasible, plan a contingency requiring less functionality.

We stress prioritizing risks, and planning contingencies only for the highest risks. One would like to plan backup strategies for every possible risk. This is just not feasible within cost and schedule constraints. For an overview of ASIC program risks and suggested contingencies, see "A Practical Guide to Risk Management" at the end of this chapter. Contingency planning benefits from a cost and schedule allocation technique called "concurrent engineering."

Concurrent Engineering

Figure 1.3.1 ASIC Serial Engineering

Figure 1.3.2 ASIC Concurrent Engineering

Concurrent engineering (CE) has become an important discipline in the ASIC industry for reducing time-to-market and for risk management. The Institute for Defense Analyses defines CE as "a systematic approach to the integrated, concurrent design of products and their related processes, including manufacture and support. This approach is intended to cause the developers, from the outset, to consider all elements of the products life cycle from conception through disposal, including quality, cost, schedules, and user requirements." Thus, as contingency planning demonstrates, CE requires multiple engineering disciplines to cooperate early and throughout the design cycle. As an example, consider the design for test (DFT) approach.

For the past decade, DFT concerns have become increasingly concurrent with functional and performance concerns. Before the rise of DFT, design teams would hand a finished ASIC design to a test engineer. The test engineer would analyze the design and invariably recommend a redesign to enhance testability. Now, synthesis tools come with software that automatically make testability concurrent with design for function and performance. For more information on DFT, see Section Three: Chapter 3: "Design for Test."

To compare the differences between serial and concurrent engineering, compare figure 1.3.1 with figure 1.3.2. Traditional ASIC projects involve engineering disciplines serially (figure 1.3.1), without much consideration about each discipline up front. This invariably requires prototypes and sometimes several redesigns to gradually incorporate divergent issues such as manufacturability, performance, quality, and testability into the ASIC. ASIC CE (figure 1.3.2) involves all engineering disciplines that will ever be used in the project early such that the first design will efficiently incorporate each discipline's concerns. Doing so ideally produces a working ASIC without the need for redesign.

Although CE practices such as contingency planning cost more money up front, overall CE tends to save money. Case studies at AT&T, Hewlett-Packard, and IBM [1] have demonstrated that CE has reduced both manufacturing and labor costs by over 40 percent, and design cycles and development schedules by over 35 percent. Using collective problem solving, CE also significantly improved product quality by several measures.

A collective approach to problem solving proves more efficient than task managers working in isolation. CE forces ASIC teams to consider multiple scenarios. Cost savings occur as teams increase the number of options they consider for each decision. Consider the following way to implement CE.

To incorporate CE into packaging issues, we recommend that the packaging engineer provide inputs on several package sizes early in the design cycle to account for higher and lower ASIC complexity than anticipated. As a side effect to these contingency plans, the ASIC team has more information to make decisions along the way. For instance, rather than spending undue resources on limiting the ASIC pin count, they may find that using a larger package costs much less than limiting the pin count. Thus, CE can save money by involving the packaging engineer early in the design cycle rather than waiting until the ASIC is ready to be packaged. However, maintaining project focus can prove difficult when employing engineers before they actively apply their work packages.

Because CE involves engineers throughout a project, regardless of when they directly apply their expertise, managers often staff a mix of full- and part-time engineers. For instance, an ASIC team case study at Hewlett-Packard [2] included 2-5 full-time design engineers, a 50 percent-time production engineer, a 33 percent-time quality engineer, a 20 percent-time materials engineer, a 10 percent-time buyer, and a 10 percent-time cost account manager. Although maintaining this team throughout the project required more money than the traditional approach, the project required less total money and a shorter schedule than similar efforts.

A Practical Guide To Risk Management

In the following tables, we have tried to address any remote possibility of even a slight risk. However, by planning not to push tool and technology limits and by selecting a QML or QPL vendor, your exposure to these risks should be fairly small.

Table 1.3.1 Risk Areas and Suggested Contingency Plans


Now you may jump to: