"Tomorrow problems are today's risk.

"
"risk" is a problem that could cause some loss or threaten the progress of the
project, but which has not happened yet.
 Risk Management

A software project can be concerned with a large variety of risks. In order

to be adept to systematically identify the significant risks which might
affect a software project, it is essential to classify risks into different
classes. The project manager can then check which risks from each class
are relevant to the project.
 Importance
• Schedule Adherence
• Cost Control
• Resource Optimization
• Proactive Issue Identification
• Uncertainty in Software Projects
• Quality Assurance
• Stakeholder Communication
• Decision-Making Support
• Continuous Improvement
• Project Success and Client Satisfaction
• There are three main classifications of risks which can affect a software
project:
1) Project risks 2) Technical risks 3) Business risks
• 1. Project risks: Project risks concern differ forms of budgetary, schedule,
personnel, resource, and customer-related problems. A vital project risk is
schedule slippage. Since the software is intangible, it is very tough to monitor
and control a software project. It is very tough to control something which
cannot be identified. For any manufacturing program, such as the manufacturing
of cars, the plan executive can recognize the product taking shape.
• 2. Technical risks: Technical risks concern potential method, implementation,
interfacing, testing, and maintenance issue. It also consists of an ambiguous
specification, incomplete specification, changing specification, technical
uncertainty, and technical obsolescence. Most technical risks appear due to the
development team's insufficient knowledge about the project.
• 3. Business risks: This type of risks contain risks of building an excellent product
that no one need, losing budgetary or personnel commitments, etc.
 Risk Assessment
• The objective of risk assessment is to division the risks in the condition of
their loss, causing potential. For risk assessment, first, every risk should
be rated in two methods:
• The possibility of a risk coming true (denoted as r).
• The consequence of the issues relates to that risk (denoted as s).
• Based on these two methods, the priority of each risk can be estimated:
• p=r*s
• Where p is the priority with which the risk must be controlled, r is the
probability of the risk becoming true, and s is the severity of loss caused
due to the risk becoming true. If all identified risks are set up, then the
most likely and damaging risks can be controlled first, and more
comprehensive risk abatement methods can be designed for these risks
 Risk Identification
• The project organizer needs to anticipate the risk in the project as early as possible so that
the impact of risk can be reduced by making effective risk management planning.
• A project can be of use by a large variety of risk. To identify the significant risk, this might
affect a project. It is necessary to categories into the different risk of classes.
• There are different types of risks which can affect a software project:
• Technology risks: Risks that assume from the software or hardware technologies that are
used to develop the system.
• People risks: Risks that are connected with the person in the development team.
• Organizational risks: Risks that assume from the organizational environment where the
software is being developed.
• Tools risks: Risks that assume from the software tools and other support software used to
create the system.
• Requirement risks: Risks that assume from the changes to the customer requirement and the
process of managing the requirements change.
• Estimation risks: Risks that assume from the management estimates of the resources
required to build the system
 Different types of risks
• Technical Risks
• Schedule Risks
• Resource Risks
• Requirement Risks
• Communication Risks
 Risk Analysis:
• During the risk analysis process, you have to consider every identified risk
and make a perception of the probability and seriousness of that risk.
• There is no simple way to do this. You have to rely on your perception and
experience of previous projects and the problems that arise in them.
• It is not possible to make an exact, the numerical estimate of the
probability and seriousness of each risk. Instead, you should authorize the
risk to one of several bands:
• The probability of the risk might be determined as very low (0-10%), low
(10-25%), moderate (25-50%), high (50-75%) or very high (+75%).
• The effect of the risk might be determined as catastrophic (threaten the
survival of the plan), serious (would cause significant delays), tolerable
(delays are within allowed contingency), or insignificant.
 Risk Control
It is the process of managing risks to achieve desired outcomes. After all, the identified
risks of a plan are determined; the project must be made to include the most harmful
and the most likely risks. Different risks need different containment methods. In fact,
most risks need ingenuity on the part of the project manager in tackling the risk.

There are three main methods to plan for risk management:

Avoid the risk: This may take several ways such as discussing with the client to change
the requirements to decrease the scope of the work, giving incentives to the engineers
to avoid the risk of human resources turnover, etc.

Transfer the risk: This method involves getting the risky element developed by a third
party, buying insurance cover, etc.

Risk reduction: This means planning method to include the loss due to risk. For
instance, if there is a risk that some key personnel might leave, new recruitment can be
planned.
 Monitoring and Review

Risk monitoring is a crucial aspect of risk management in the context of project

management, including Software Project Management (SPM). It involves the
continuous tracking, reviewing, and updating of identified risks throughout the
project lifecycle. The primary goal of risk monitoring is to ensure that the project
team remains aware of potential risks, their current status, and any changes in
their severity or probability.
Regular Risk Reviews:
Risk Documentation:
record of identified risks, including their descriptions, potential impacts, mitigation strategies, and current status.
Risk Metrics and Key Performance Indicators (KPIs):
Define and track specific metrics and KPIs related to risk management
Trigger Events: Identify trigger events or indicators that may suggest a risk is becoming more probable or its impact is increasing
Communication and Reporting:
Integration with Project Control Processes:
Integrate risk monitoring with other project control processes, such as progress tracking and performance measurement. This holistic approach helps in aligning
risk management with overall project management activities.
Continuous Risk Assessment:
Periodically reassess the project's risk landscape. As the project progresses, new risks may emerge, and the severity or likelihood of existing risks may change.
Regularly updating risk assessments helps in maintaining an accurate risk profile.
Feedback Loop:
Establish a feedback loop for lessons learned from past projects. Use insights gained from previous risk management experiences to improve risk monitoring
processes and enhance the team's ability to anticipate and address risks.
Technology Tools:
Leverage project management and risk management tools to facilitate the monitoring process. These tools can automate notifications, track changes, and provide
real-time visibility into the status of identified risks.
Training and Awareness:
Ensure that team members are adequately trained in risk monitoring processes and are aware of the importance of vigilance throughout the project. A well-
informed team is more likely to spot and respond to potential risks effectively.
Adaptability and Flexibility:
Be adaptable to changes in the project environment. The project team should be ready to adjust risk mitigation strategies based on new information and evolving
project circumstances.