Risk is an inherent part of software development, and effective risk analysis and management is an essential ingredient for a successful software project. The objective of software risk analysis is to predetermine events that may threaten aspects of the project, and to devise suitable project plans that mitigate the impact of these events should they occur.
Project risk analysis is usually performed as part of the planning phase. The constituent activities are identification, projection, and assessment.
Identification lists all the project risks. Each event is defined as a risk and is broadly classified as one of the following:
- Project risk, e.g. potential budget, schedule, or resource problems, or project complexity, size and structure
- Business risk, e.g. losing management support due to a change in focus
- Technical risk, e.g. potential design or interfacing problems, or specification ambiguity, or technical uncertainty
Projection, or risk estimation, attempts to quantify each risk in terms of its likelihood of occurrence and its perceived impact. The following activities are performed:
- Define a scale that represents the perceived likelihood of occurrence of the risk
- Describe the consequences of the risk
- Estimate the impact the risk will have on the project. Impact is described in the following terms:
  - Nature - identifies the problems that will arise if the risk occurs
  - Scope - combines the severity (how serious the impact is) with the distribution (how much of the project is affected)
  - Timing - identifies when and for how long the impact will be felt
Assessment examines the accuracy of the estimates and prioritizes the project risks. Project plans are developed to control, mitigate or avert those risks that are most likely to occur.
Once all this information is collated, risk management can be conducted to control the project risks that do actually occur.