Similar questions

How are software risks assessed?

Marks: 10M

Year: May 2015

When risks are analyzed, it is important to quantify the level of uncertainty and the degree of loss associated with each risk. To accomplish this, different categories of risk are considered:

1. Project Risks: Project Risks threaten the project plan. That is, if project risks become real, it is likely that project schedule will slip and that costs will increase. Project risks identify potential budgetary, schedule, personnel, resource, stakeholder and requirements problems and their impact on a software project. Project complexity, size and the degree of structural uncertainty were also defined as project risk factors.

2. Technical risks: Technical risks threaten the quality and timeliness of the software to be produced. If a technical risk becomes a reality, implementation may become difficult or impossible. Technical risks identify potential design, implementation, interface, verification and maintenance problems. Technical risks occur because the problem is harder to solve than we thought it would be.

3. Business Risks: Business risks threaten the viability of the software to be built. Business risks often jeopardize the project or the product. Candidates for top five business risks include (1) building an excellent product or system that no one really wants (2) building a product that no longer fits into the overall business strategy for the company (3) building a product that the sales force doesn’t understand how to sell (sales risk), (4) losing the support of senior management due to a change in focus or a change in people (management risk) and (5) losing budgetary or personnel commitment.

4. Known Risks: Known Risks are those that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed.

5. Schedule Risk: Project schedule get slip when project tasks and schedule release risks are not addressed properly. Schedule risks mainly effect on project and finally on company economy and may lead to project failure.

Schedules often slip due to following reasons:

• Wrong time estimation
• Resources are not tracked properly. All resources like staff, systems, skills of individuals etc.
• Failure to identify complex functionalities and time required to develop those functionalities.
• Unexpected project scope expansions.

6. Budget Risk:

• Wrong budget estimation.
• Cost overruns
• Project scope expansion

7. Operational Risks: Risks of loss due to improper process implementation, failed system or some external events risks.

Causes of Operational risks:

• Failure to address priority conflicts
• Failure to resolve the responsibilities
• Insufficient resources
• No proper subject training
• No resource planning

• No communication in team.

  Assessing Overall Project Risk:

• The following questions have been derived from risk data obtained by surveying experienced software project managers in different parts of the world :

1. Have top software and customer managers formally committed to support the project?
2. Are end-users enthusiastically committed to the project and the system/product to be built?
3. Are requirements fully understood by the software engineering team and its customers?
4. Have customers been involved fully in the definition of requirements?
5. Do end-users have realistic expectations?
6. Is the project scope stable?
7. Does the software engineering team have the right mix of skills?
8. Are the project requirements stable?

Risk Management

Software risk management is all about risk quantification of risk. This includes:

1. Giving a precise description of risk event that can occur in the project
2. Defining risk probability that would explain what are the chances for that risk to occur
3. Defining How much loss at particular risk can cause
4. Defining the liability potential of risk

Risk Management comprises of following processes:

1. Software Risk Identification

2. Software Risk Analysis

3. Software Risk Planning

4. Software Risk Monitoring

These Processes are defined below.

Software Risk Identification

In order to identify the risks that your project may be subjected to, it is important to first study the problems faced by previous projects. Study the project plan properly and check for all the possible areas that are vulnerable to some or the other type of risks. The best ways of analyzing a project plan is by converting it to a flowchart and examine all essential areas. It is important to conduct few brainstorming sessions to identify the known unknowns that can affect the project. Any decision taken related to technical, operational, political, legal, social, internal or external factors should be evaluated properly.

In this phase of Risk management you have to define processes that are important for risk identification. All the details of the risk such as unique Id, date on which it was identified, description and so on should be clearly mentioned.

Software Risk Analysis

Software Risk analysis a very important aspect of risk management. In this phase the risk is identified and then categorized. After the categorization of risk, the level, likelihood (percentage) and impact of the risk is analyzed. Likelihood is defined in percentage after examining what are the chances of risk to occur due to various technical conditions. These technical conditions can be:

1. Complexity of the technology
2. Technical knowledge possessed by the testing team
3. Conflicts within the team
4. Teams being distributed over a large geographical area
5. Usage of poor quality testing tools

With impact we mean the consequence of a risk in case it happens. It is important to know about the impact because it is necessary to know how a business can get affected:

1. What will be the loss to the customer
2. How would the business suffer
3. Loss of reputation or harm to society
4. Monetary losses
5. Legal actions against the company
6. Cancellation of business license

Level of risk is identified with the help of:

Qualitative Risk Analysis: Here you define risk as:

• High
• Low
• Medium

Quantitative Risk Analysis: can be used for software risk analysis but is considered inappropriate because risk level is defined in % which does not give a very clear picture.

Software Risk Planning

Software risk planning is all about:

1. Defining preventive measure that would lower down the likelihood or probability of various risks.
2. Define measures that would reduce the impact in case a risk happens.
3. Constant monitoring of processes to identify risks as early as possible.

Software Risk Monitoring

Software risk monitoring is integrated into project activities and regular checks are conducted on top risks. Software risk monitoring comprises of:

• Tracking of risk plans for any major changes in actual plan, attribute, etc.
• Preparation of status reports for project management.
• Review risks and risks whose impact or likelihood has reached the lowest possible level should be closed.
• Regularly search for new risks