29 Risk Management

R. Baskaran

 

SOFTWARE RISK MANAGEMENT

 

A project risk is defined by an undesirable event, the chance that the event might occur, and the consequences of all possible outcomes. Risk management attempts to identify such events, minimize their impact, and provide a response if the event is detected.

 

LEARNING OBJECTIVES 

  • To identify potential software risks as required by the grading level.
  • To determine the likelihood and consequences of a safety software failure.
  • To elaborate on risk management policies and process.
  • To establish risk thresholds for the safety software application.

 

SOFTWARE RISK 

 

Risk is an uncertainty. We don’t know whether a particular event will occur or not, but if it does, it has a negative impact on the project. For example, suppose a team is working on a project and a developer walks out. Another person is recruited in his place, but he does not work on the same platform and converts the project to the platform he is comfortable with. The project still has to yield the same result in the same time span. The schedule risk here is whether the team will be able to complete the project on time.

 

Definitions of Risks 

 

Risk is the probability of suffering loss. Risk provides an opportunity to develop the project better.

 

Risk exposure = Size(loss) × Probability(loss)

 

There is a difference between a problem and a risk. A problem is an event that has already occurred, whereas a risk is something that is unpredictable.

 

Need for risk management 

 

The need for risk management can be expressed using Murphy’s Laws: if anything can go wrong, it will go wrong, and of the things that could go wrong, the one that causes the most damage will occur.

 

A project risk is defined by an undesirable event, the chance that this event might occur, and the consequences of all possible outcomes. Risk management attempts to identify such events, minimize their impact, and provide a response if the event is detected. The essence of project management is risk management.

 

Risk Characteristics 

 

Risk has two characteristics:

  • Uncertainty – the risk may or may not happen, that is, there are no 100% risks (those, instead, are called constraints).
  • Loss – the risk becomes a reality and unwanted consequences or losses occur.

 

Risk Categorization 

 

Risks can be categorized broadly into project risks, technical risks, business risks, known risks, undreamt risks, predictable and unpredictable risks.

  • Project risks: They threaten the project plan. If they become real, it is likely that the project schedule will slip and that costs will increase.
  • Technical risks: They threaten the quality and timeliness of the software to be produced. If they become real, implementation may become difficult or impossible.
  • Business risks: They threaten the viability of the software to be built. If they become real, they jeopardize the project or the product. Business risk can be further categorized into the following:
    • Market risk – building an excellent product or system that no one really wants.
    • Strategic risk – building a product that no longer fits into the overall business strategy for the company.
    • Sales risk – building a product that the sales force doesn’t understand how to sell.
    • Management risk – losing the support of senior management due to a change in focus or a change in people.
    • Budget risk – losing budgetary or personnel commitment.
  • Known risks: Those risks that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed, and other reliable information sources (e.g., unrealistic delivery date).
  • Predictable risks: Those risks that are extrapolated from past project experience (e.g., past turnover).
  • Unpredictable risks: Those risks that can and do occur, but are extremely difficult to identify in advance.
  • Undreamt risk: Those risks that are extremely challenging to handle, which are of undreamt scale to confront.

 

Reactive vs. Proactive Risk Strategies 

  • Reactive risk strategies: Reactive risk strategies are based on the tag line “Don’t worry, I’ll think of something”. The majority of software teams and managers rely on this approach. Nothing is done about risks until something goes wrong. When something goes wrong, the team flies into action in an attempt to correct the problem rapidly (fire fighting). Crisis management becomes the management technique of choice.
  • Proactive risk strategies: The primary objective is to avoid risk and to have a contingency plan in place to handle unavoidable risks in a controlled and effective manner.

 

RISK MANAGEMENT 

 

The risks we encounter in a project should be resolved so that we are able to deliver the desired project to the customer. The project should be managed in such a way that the risks don’t affect it in a big way. The art of managing risks effectively, so that a win-win situation and a friendly relationship are established between the team and the customer, is called risk management. We can manage risks by using various paradigms and principles.

 

There are four major steps to developing a risk management plan which are the following:

 

1. Identify all the possible risk events that could affect the project.

2. Assess each risk in terms of probability, impact severity and controllability.

3. Develop a strategy and/or contingency for responding to each risk.

4. Monitor and control risks dynamically.

Risk Identification: The project is analyzed to identify the sources of risk. All the possible risks that could affect the project are identified. At the end of this phase, all the possible risks are acknowledged.

 

Risk Assessment: Each risk is assessed in terms of probability, impact severity and controllability. Assessment allows the developers to understand the impact and the consequences that the risks can cause, and helps them control the risks.

 

Risk Response Development: Develop a strategy and/or contingency for responding to each risk. The team develops a strategy to reduce possible damage to the project. A risk management plan is devised in this phase.

 

Risk Response Control: Risk response control monitors and controls risks dynamically. The team implements the risk strategy to control the risks, and monitors and adjusts plans to handle new risks. Change management is used to control the changes made while handling new risks in the project.

 

PRINCIPLES OF RISK MANAGEMENT

  • Global Perspective: The global perspective comprises larger system definitions, design and implementation. We look at the opportunity and the impact the risk is going to have.
  • Forward Looking View: The forward-looking view focuses on the possible uncertainties that might creep in. We also think about possible solutions for those risks that might occur in the future.
  • Open Communication: This is to enable the free flow of communication between the customers and the team members so that they have clarity about the risks.
  • Integrated management: Risk management is made an integral part of project management.
  • Continuous process: The risks are tracked continuously throughout the risk management paradigm.

 
