RISK MANAGEMENT

• What is Risk?
• “Risk" is a problem that could cause some loss or threaten the
progress of the project, but which has not happened yet.
• These potential issues might harm cost, schedule or technical
success of the project and the quality of our software device, or
project team morale.
• Risk Management is the system of identifying addressing and
eliminating these problems before they can damage the project.
• We need to differentiate risks, as potential issues, from the
current problems of the project.
Reactive vs. Proactive Risk Strategies
Reactive risk strategies
• "Don't worry, I'll think of something"
• The majority of software teams and managers rely on this approach
• Nothing is done about risks until some thing goes wrong
• The team then lies into action in an attempt to correct the problem rapidly
Proactive risk strategies
• Steps for risk management are followed
• Primary objective is to avoid risk and to have a contingency plan in place to
handle unavoidable risks in a controlled and effective manner
• Risk Management
• A software project can be concerned with a large variety of risks. In
order to be adept to systematically identify the significant risks which
might affect a software project, it is essential to classify risks into
different classes. The project manager can then check which risks
from each class are relevant to the project.
• There are three main classifications of risks which can affect a
software project:
• Project risks
• Technical risks
• Business risks
1. Project risks: Project risks concern differ forms of budgetary, schedule,
personnel, resource, and customer-related problems.
• A vital project risk is schedule slippage. Since the software is intangible, it is
very tough to monitor and control a software project.
• It is very tough to control something which cannot be identified. For any
manufacturing program, such as the manufacturing of cars, the plan
executive can recognize the product taking shape.

2. Technical risks: Technical risks concern potential method, implementation,

interfacing, testing, and maintenance issue.
• It also consists of an ambiguous specification, incomplete specification,
changing specification, technical uncertainty, and technical obsolescence.
• Most technical risks appear due to the development team's insufficient
knowledge about the project
3. Business risks: This type of risks contain risks of building an excellent
product that no one need, losing budgetary or personnel
commitments, etc
Other risk categories
1. Known risks: Those risks that can be uncovered after careful
assessment of the project program, the business and technical
environment in which the plan is being developed, and more reliable
data sources (e.g., unrealistic delivery date)
2. Predictable risks: Those risks that are hypothesized from previous
project experience (e.g., past turnover)
3. Unpredictable risks: Those risks that can and do occur, but are
extremely tough to identify in advance.
Principle of Risk Management
• Global Perspective: In this, we review the bigger system description,
design, and implementation. We look at the chance and the impact
the risk is going to have.
• Take a forward-looking view: Consider the threat which may appear
in the future and create future plans for directing the next events.
• Open Communication: This is to allow the free flow of
communications between the client and the team members so that
they have certainty about the risks.
• Integrated management: In this method risk management is made an
integral part of project management.
• Continuous process: In this phase, the risks are tracked continuously
throughout the risk management paradigm.
• Risk Management Activities
Risk Assessment
• The objective of risk assessment is to division the risks in the
condition of their loss, causing potential. For risk assessment, first,
every risk should be rated in two methods:
• The possibility of a risk coming true (denoted as r).
• The consequence of the issues relates to that risk (denoted as s).
• Based on these two methods, the priority of each risk can be
estimated:
p=r*s
Where p is the priority with which the risk must be controlled,
• r is the probability of the risk becoming true
• s is the severity of loss caused due to the risk becoming true.
• If all identified risks are set up, then the most likely and damaging
risks can be controlled first, and more comprehensive risk abatement
methods can be designed for these risks.
1. Risk Identification: The project organizer needs to anticipate the risk
in the project as early as possible so that the impact of risk can be
reduced by making effective risk management planning.
• A project can be of use by a large variety of risk. To identify the
significant risk, this might affect a project. It is necessary to categories
into the different risk of classes.
• There are different types of risks which can affect a software project:
1.Technology risks: Risks that assume from the software or
hardware technologies that are used to develop the system.
2.People risks: Risks that are connected with the person in the
development team.
3.Organizational risks: Risks that assume from the organizational
environment where the software is being developed.
4.Tools risks: Risks that assume from the software tools and other
support software used to create the system.
5.Requirement risks: Risks that assume from the changes to the
customer requirement and the process of managing the
requirements change.
6.Estimation risks: Risks that assume from the management
estimates of the resources required to build the system.
2. Risk Analysis: During the risk analysis process, you have to consider every
identified risk and make a perception of the probability and seriousness of
that risk.
• There is no simple way to do this. You have to rely on your perception and
experience of previous projects and the problems that arise in them.
• It is not possible to make an exact, the numerical estimate of the
probability and seriousness of each risk. Instead, you should authorize the
risk to one of several bands:
• The probability of the risk might be determined as very low (0-10%), low
(10-25%), moderate (25-50%), high (50-75%) or very high (+75%).
• The effect of the risk might be determined as catastrophic (threaten the
survival of the plan), serious (would cause significant delays), tolerable
(delays are within allowed contingency), or insignificant.
• Risk Control
• It is the process of managing risks to achieve desired
outcomes.
• After all, the identified risks of a plan are determined; the project
must be made to include the most harmful and the most likely
risks.
• Different risks need different containment methods.
• In fact, most risks need ingenuity on the part of the project
manager in tackling the risk.
• There are three main methods to plan for risk management:
1.Avoid the risk: This may take several ways such as discussing
with the client to change the requirements to decrease the
scope of the work, giving incentives to the engineers to avoid
the risk of human resources turnover, etc.
2.Transfer the risk: This method involves getting the risky
element developed by a third party, buying insurance cover, etc.
3.Risk reduction: This means planning method to include the
loss due to risk. For instance, if there is a risk that some key
personnel might leave, new recruitment can be planned.
• Risk Leverage: To choose between the various methods of
handling risk, the project plan must consider the amount of
controlling the risk and the corresponding reduction of risk. For
this, the risk leverage of the various risks can be estimated.
• Risk leverage is the variation in risk exposure divided by the
amount of reducing the risk.
• Risk leverage = (risk exposure before reduction - risk
exposure after reduction) / (cost of reduction)
• 1. Risk planning: The risk planning method considers each of
the key risks that have been identified and develop ways to
maintain these risks.
• For each of the risks, you have to think of the behavior that you
may take to minimize the disruption to the plan if the issue
identified in the risk occurs.
• You also should think about data that you might need to collect
while monitoring the plan so that issues can be anticipated.
• Again, there is no easy process that can be followed for
contingency planning. It rely on the judgment and experience of
the project manager.
• 2. Risk Monitoring: Risk monitoring is the method king that
your assumption about the product, process, and business risks
has not changed.
• Risk Mitigation, Monitoring, and Management (RMMM) plan
• A risk management technique is usually seen in the software Project
plan.
• This can be divided into Risk Mitigation, Monitoring, and
Management Plan (RMMM).
• In this plan, all works are done as part of risk analysis. As part of the
overall project plan project manager generally uses this RMMM plan.
• In some software teams, risk is documented with the help of a Risk
Information Sheet (RIS).
• This RIS is controlled by using a database system for easier
management of information i.e. creation, priority ordering, searching,
and other analysis.
• After documentation of RMMM and start of a project, risk mitigation
and monitoring steps will start.
Risk Mitigation :
• It is an activity used to avoid problems (Risk Avoidance).
Steps for mitigating the risks as follows:
• Finding out the risk.
• Removing causes that are the reason for risk creation.
• Controlling the corresponding documents from time to time.
• Conducting timely reviews to speed up the work.
• Risk Monitoring :
It is an activity used for project tracking.
It has the following primary objectives as follows.

1.To check if predicted risks occur or not.

2.To ensure proper application of risk aversion steps defined for
risk.
3.To collect data for future risk analysis.
4.To allocate what problems are caused by which risks
throughout the project.
• Risk Management and planning :
• It assumes that the mitigation activity failed and the risk is a reality.
This task is done by Project manager when risk becomes reality and
causes severe problems.
• If the project manager effectively uses project mitigation to remove
risks successfully then it is easier to manage the risks.
• This shows that the response that will be taken for each risk by a
manager.
• The main objective of the risk management plan is the risk register.
This risk register describes and focuses on the predicted threats to a
software project.
• Risk Mitigation:
• To mitigate this risk, project management must develop a strategy
for reducing turnover. The possible steps to be taken are:
• Meet the current staff to determine causes for turnover (e.g., poor
working conditions, low pay, competitive job market).
• Mitigate those causes that are under our control before the project
starts.
• Once the project commences, assume turnover will occur and
develop techniques to ensure continuity when people leave.
• Organize project teams so that information about each development
activity is widely dispersed.
• Define documentation standards and establish mechanisms to
ensure that documents are developed in a timely manner.
• Assign a backup staff member for every critical technologist.
Risk Monitoring:
• As the project proceeds, risk monitoring activities commence.
The project manager monitors factors that may provide an
indication of whether the risk is becoming more or less likely. In
the case of high staff turnover, the following factors can be
monitored:
• General attitude of team members based on project pressures.
• Interpersonal relationships among team members.
• Potential problems with compensation and benefits.
• The availability of jobs within the company and outside it.
• Drawbacks of RMMM:
• It incurs additional project costs.
• It takes additional time.
• For larger projects, implementing an RMMM may itself turn
out to be another tedious project.
• RMMM does not guarantee a risk-free project, infact, risks may
also come up after the project is delivered.