Risk management aims at reducing the chances of a risk becoming real as well as reducing the impact of risk that becomes real.
A risk is any anticipated unfavourable event or circumstance that can occur while a project is underway. If a risk becomes real, the anticipated problem becomes a reality and is no more risk. If a risk becomes real, it can adversely affect the project and hamper the successful and timely completion of the project. Therefore, it is necessary for the project manager to anticipate and identify risks that a project is susceptible to so that contingency plans can be prepared beforehand to contain each risk.
Table of Contents
Also Read: Software Maintenance
Three Activities in Risk Management
- Risk identification
- Risk assessment
- Risk mitigation
The project manager needs to anticipate the risks in a project as early as possible. As soon as a risk is identified, effective risk management plans are made, so that the possible impacts of the risks are minimized. So, early risk identification is important. A software project can be affected by a large variety of risks. In order to be able to systematically identify the important risks which might affect a software project, it is necessary to categorize risks into different classes. The project manager can then examine which risks from each class are relevant to the project. There are three main categories of risks which can affect a software project:
- Project Risks: Project risks concern varies forms of budgetary, schedule, personnel, resource, and customer-related problems. An important project risk is schedule slippage. Since the software is intangible, it is very difficult to monitor and control a software project. The invisibility of the product being developed is an important reason why many software projects suffer from the risk of schedule slippage.
- Technical Risks: Technical risks concern potential design, implementation, interfacing, testing, and maintenance problems. Technical risks also include ambiguous specification, incomplete specification, changing specification, technical uncertainty, and technical obsolescence. Most technical risks occur due to the development team’s insufficient knowledge about the project.
- Business Risks: This type of risks include risks of building an excellent product that no one wants, losing budgetary or personnel commitments, etc.
In order to be able to successfully foresee and identify different risks that might affect a software project, it is a good idea to have a company disaster list. This list would contain all the bad events that have happened to software projects of the company over the years including events that can be laid at the customer’s doors. This list can be read by the project manager in order to be aware of some of the risks that a project might be susceptible to. Such a disaster list has been found to help in performing better risk analysis.
The objective of risk assessment is to rank the risks in terms of their damage-causing potential. For risk assessment, first each risk should be rated in two ways:
- The likelihood of a risk coming true (denoted as )
- The consequence of the problems associated with that risk (denoted as )
Based on these two factors, the priority of each risk can be computed as: , where, is the priority with which the risk must be handled, is the probability of the risk becoming true, and is the severity of damage caused due to the risk becoming true. If all identified risks are prioritized, then the most likely and damaging risks can be handled first and more comprehensive risk abatement procedures can be designed for these risks.
Risk Mitigation (Containment)
After all, the identified risks of a project are assessed, plans must be made to contain the most damaging and the most likely risks. Different risks require different containment procedures. In fact, most risks require ingenuity on the part of the project manager in tackling the risk.
Three main strategies to plan for risk containment
a) Avoid the Risk
Risks can be avoided in several ways. Risks often arise due to project constraints and can be avoided by suitably modifying the constraints. The different categories of constraints that usually give rise to risks are:
Process-related risk: These risks arise due to an aggressive work schedule, budget, and resource utilization.
Product-related risk: These risks arise due to a commitment to challenging product features (e.g. response time of one second, etc.), quality, reliability, etc.
Technology-related risks: These risks arise due to a commitment to using certain technology (e.g. satellite communication).
A few examples of risk avoidance can be following: discussing with the customer to change the requirements to reduce the scope of the work, giving incentives to the developers to avoid the risk of manpower turnover, etc.
b) Transfer the Risk
This strategy involves getting the risky components developed by a third party, buying insurance cover, etc.
c) Risk Reduction
This involves planning ways to contain the damage due to risk. For example, if there is a risk that some key personal might leave, new recruitment may be planned. The most important risk reduction technique for technical risks is to build a prototype that tries out the technology that you are trying to use.
Read Further: Wikipedia