There are two characteristics of risk i.e. uncertainty and loss.
Following are the categories of the risk:
1. Project risk- If the project risk is real then it is probable that the project schedule will slip and the cost of the project will increase.
- It identifies the potential schedule, resource, stakeholders and the requirements problems and their impact on a software project.
2. Technical risk- If the technical risk is real then the implementation becomes impossible.
- It identifies potential design, interface, verification and maintenance of the problem.
3. Business risk
If the business risk is real then it harms the project or product.
There are five sub-categories of the business risk:
1. Market risk - Creating an excellent system that no one really wants.
2. Strategic risk - Creating a product which no longer fit into the overall business strategy for companies.
3. Sales risk - The sales force does not understand how to sell a creating product.
4. Management risk - Loose a support of senior management because of a change in focus.
5. Budget risk - losing a personal commitment.
Other risk categories
These categories suggested by Charette.
1. Known risks : These risk are unwrapped after the project plan is evaluated.
2. Predictable risks : These risks are estimated from previous project experience.
3. Unpredictable risks : These risks are unknown and are extremely tough to identify in advance.
Principles of risk management
Maintain a global perspective - View software risks in the context of a system and the business problem planned to solve.
Take a forward looking view – Think about the risk which may occur in the future and create future plans for managing the future events.
Encourage open communication – Encourage all the stakeholders and users for suggesting risks at any time.
Integrate – A consideration of risk should be integrated into the software process.
Emphasize a continuous process – Modify the identified risk than the more information is known and add new risks as better insight is achieved.
Develop a shared product vision – If all the stakeholders share the same vision of the software then it is easier for better risk identification.
Encourage teamwork – While conducting risk management activities pool the skills and experience of all stakeholders.
Risk Identification
It is a systematic attempt to specify threats to the project plans.
Two different types of risk:
1. Generic risks- These risks are a potential threat to each software project.
2. Product-specific risks- These risks are recognized by those with a clear understanding of the technology, the people and the environment which is specific to the software that is to be built.
- A method for recognizing risks is to create item checklist.
The checklist is used for risk identification and focus is at the subset of known and predictable risk in the following categories:
1. Product size
2. Business impact
3. Customer characteristic
4. Process definition
5. Development environment
6. Technology to be built
7. staff size and experience
Risk Mitigation, Monitoring and Management (RMMM)
Risk analysis support the project team in constructing a strategy to deal with risks.
There are three important issues considered in developing an effective strategy:
- Risk avoidance or mitigation - It is the primary strategy which is fulfilled through a plan.
- Risk monitoring - The project manager monitors the factors and gives an indication whether the risk is becoming more or less.
- Risk management and planning - It assumes that the mitigation effort failed and the risk is a reality.
RMMM Plan
- It is a part of the software development plan or a separate document.
- The RMMM plan documents all work executed as a part of risk analysis and used by the project manager as a part of the overall project plan.
- The risk mitigation and monitoring starts after the project is started and the documentation of RMMM is completed.