Software Engineering Unit 5
Risk Management: Software Risks, Reactive and Pro-active Risk Strategies, Risk Identification,
Risk Projection, Risk Mitigation, Risk Monitoring and Management
What is Risk?
"Tomorrow's problems are today's risk." Hence, a clear definition of a "risk" is a problem that could
cause some loss or threaten the progress of the project, but which has not happened yet.
These potential issues might harm the cost, schedule or technical success of the project, the
quality of our software product, or project team morale.
Risk Management is the process of identifying, addressing and eliminating these problems before
they can damage the project.
We need to differentiate risks, as potential issues, from the current problems of the project.
Risk Management
A software project can be affected by a large variety of risks. To systematically identify the
significant risks which might affect a software project, it is essential to
classify risks into different classes. The project manager can then check which risks from each
class are relevant to the project.
There are three main classifications of risks which can affect a software project:
1. Project risks
2. Technical risks
3. Business risks
1. Project risks: Project risks concern different forms of budgetary, schedule, personnel, resource,
and customer-related problems. A vital project risk is schedule slippage. Since software is
intangible, it is very tough to monitor and control a software project. It is very tough to control
something which cannot be identified. For any manufacturing program, such as the
manufacturing of cars, the project manager can see the product taking shape.
2. Technical risks: Technical risks concern potential method, implementation, interfacing,
testing, and maintenance issues. They also include ambiguous specifications, incomplete
specifications, changing specifications, technical uncertainty, and technical obsolescence. Most
technical risks appear due to the development team's insufficient knowledge about the project.
3. Business risks: This type of risk includes the risk of building an excellent product that no one
needs, losing budgetary or personnel commitments, etc.
Other risk categories
1. Known risks: Those risks that can be uncovered after careful assessment of the project
plan, the business and technical environment in which the project is being developed,
and other reliable data sources (e.g., unrealistic delivery date).
2. Predictable risks: Those risks that are hypothesized from previous project experience
(e.g., past turnover).
3. Unpredictable risks: Those risks that can and do occur, but are extremely tough to
identify in advance.
Principles of Risk Management
1. Global Perspective: In this, we review the bigger system description, design, and
implementation. We look at the chance and the impact the risk is going to have.
2. Take a forward-looking view: Consider the threat which may appear in the future and
create future plans for directing the next events.
3. Open Communication: This is to allow the free flow of communications between the
client and the team members so that they have certainty about the risks.
4. Integrated management: In this method risk management is made an integral part of
project management.
5. Continuous process: In this phase, the risks are tracked continuously throughout the risk
management paradigm.
Risk Identification
Identifying risk is one of the most important initial steps in the risk management process.
If a particular risk is not identified, then none of the other steps
involved in risk management will be carried out for that risk. To identify
risks, the project team should review the scope of the program, the cost estimate, the schedule, technical maturity,
key performance parameters, etc. To manage risk, the project team or organization needs to
know what risks it faces, and then to evaluate them. Generally, risk identification is an
iterative process. It involves creating a comprehensive list of threats and
opportunities based on events that can enhance, prevent, degrade, accelerate, or
delay the successful achievement of objectives. In simple words, if you don’t identify a risk, you
won’t be able to manage it.
The project manager needs to anticipate risks in the project as early as possible so that
the effect of each risk may be reduced. This is only possible through effective risk
management planning.
A project may face a large variety of risks. To know which specific risks may
affect a project, it is necessary to categorize risks into different classes.
There are many different types of risks which affect a software project:
1. Technology risks
2. Tools risks
3. Estimation risks
4. People risks
5. Requirement risks
6. Organizational risks
Methods for Identifying Risks: Earlier, there were no easy methods available that would reliably
identify all risks. Nowadays, there are some additional approaches available for identifying
risks. Some of the approaches for risk identification are given below:
1. Checklist Analysis – Checklist analysis is a technique generally used to identify
risks and manage them. The checklist is developed by listing items, steps, or tasks and
is then analyzed against criteria to determine whether the procedure has been completed
correctly. It is a list of risks that are found to occur regularly in the development of software
projects. Below is a modified version of Barry Boehm's list of software development risks.
2. Brainstorming – This technique provides a free and open approach that
encourages everyone on the project team to participate. It also results in a greater sense of
ownership of project risk, and the team is generally committed to managing risk for the given time period
of the project. It is a creative technique for gathering risks spontaneously from team members.
The team members identify risks in a ‘no wrong answer’ environment. This
technique also gives team members the opportunity to build on each other’s ideas.
It is also used to determine the best possible solution to the problems and issues that
arise.
3. Causal Mapping – Causal mapping is a method that builds on reflection and review
of failure factors in cause-and-effect diagrams. It is very useful for facilitating learning within
an organization or system as a method of post-project evaluation. It is also a key tool for risk
assessment.
4. SWOT Analysis – Strengths-Weaknesses-Opportunities-Threats (SWOT) is a very helpful
technique for identifying risks within the greater organizational context. It is generally used as a planning
tool for analyzing a business, its resources, and its environment by looking at internal
strengths and weaknesses and at opportunities and threats in the external environment. It is a technique
often used in the formulation of strategy. Appropriate time and effort should be spent on thinking
seriously about the weaknesses and threats of the organization for SWOT analysis to be more effective and
successful in risk identification.
5. Flowchart Method – This method allows a dynamic process to be represented diagrammatically
on paper. It is generally used to represent the activities of a process graphically
and sequentially in order to identify the risks.
Risk Mitigation:
It is an activity used to avoid problems (Risk Avoidance).
The steps for mitigating risks are as follows.
1. Finding out the risk.
2. Removing causes that are the reason for risk creation.
3. Controlling the corresponding documents from time to time.
4. Conducting timely reviews to speed up the work.
Risk Monitoring:
It is an activity used for project tracking.
It has the following primary objectives.
1. To check whether predicted risks occur or not.
2. To ensure proper application of the risk aversion steps defined for each risk.
3. To collect data for future risk analysis.
4. To determine which problems are caused by which risks throughout the project.
Risk Management and planning:
It assumes that the mitigation activity failed and the risk is a reality. This task is done by the project
manager when a risk becomes reality and causes severe problems. If the project manager effectively
uses risk mitigation to remove risks successfully, then it is easier to manage the risks. This
shows the response that a manager will take for each risk. The main objective of the
risk management plan is the risk register. This risk register describes and focuses on the predicted
threats to a software project.
Example:
Let us understand RMMM with the help of an example of high staff turnover.
Risk Mitigation:
To mitigate this risk, project management must develop a strategy for reducing turnover. The
possible steps to be taken are:
• Meet the current staff to determine causes for turnover (e.g., poor working conditions, low
pay, competitive job market).
• Mitigate those causes that are under our control before the project starts.
• Once the project commences, assume turnover will occur and develop techniques to
ensure continuity when people leave.
• Organize project teams so that information about each development activity is widely
dispersed.
• Define documentation standards and establish mechanisms to ensure that documents are
developed in a timely manner.
• Assign a backup staff member for every critical technologist.
Risk Monitoring:
As the project proceeds, risk monitoring activities commence. The project manager monitors
factors that may provide an indication of whether the risk is becoming more or less likely. In the
case of high staff turnover, the following factors can be monitored:
• General attitude of team members based on project pressures.
• Interpersonal relationships among team members.
• Potential problems with compensation and benefits.
• The availability of jobs within the company and outside it.
Risk Management:
Risk management and contingency planning assumes that mitigation efforts have failed and that
the risk has become a reality. Continuing the example, the project is well underway, and a number
of people announce that they will be leaving. If the mitigation strategy has been followed, backup
is available, information is documented, and knowledge has been dispersed across the team. In
addition, the project manager may temporarily refocus resources (and readjust the project
schedule) to those functions that are fully staffed, enabling newcomers who must be added to the
team to “get up to speed”.
Drawbacks of RMMM:
• It incurs additional project costs.
• It takes additional time.
• For larger projects, implementing an RMMM may itself turn out to be another tedious
project.
• RMMM does not guarantee a risk-free project; in fact, risks may also come up after the
project is delivered.