The basic idea behind Risk Management in the SDLC is the
regular planning and assessment of risks, which are measured by their
probability and their impact on the Software Project Development Plan or schedule,
along with the proposed risk mitigation strategies to avoid those risks and their
impact on SDLC processes.
Risks can never all be fully avoided or mitigated, simply
because of financial and practical limitations. Therefore all organizations
have to accept some level of residual risk.
Risk Management involves the
Risk Identification – This is the step where a risk is identified
before it becomes a problem or, rather, a hindrance to the success of any Software
Risk Analyzing – This is the step that determines which risks are
the most important ones to address, based on their priority and impact. Once the
risks are prioritized by importance, the adverse effects that they
can introduce into the SDLC process and their probability of occurrence are
analyzed. The most critical risks have the highest priority and should be
mitigated before those of lesser priority.
Risk Planning – Risk Planning involves a decision-making process
that prioritizes the risks and creates Risk Mitigation Plans. Risk
Prioritization involves measuring the risks quantitatively and estimating
the probability of their re-occurrence and the relative loss that they could
cause in the SDLC process.
Risk Response Actions – This step identifies and describes the action
(such as acceptance, transfer, avoidance, or mitigation) and the necessary
response strategies to address the risks, based on the priority of the
identified risks. This step also identifies the target date for
completion of the risk response action and the resource(s) responsible
for it.
Risk Monitoring – This phase monitors the risks and evaluates
their current status against the defined metrics, so as to ensure that the
risks identified are addressed as per the stated timelines in the SDLC process
of a Software Project.
Control – This process controls the Risk Action or the Risk
Mitigation Plans and improves the overall Risk Management Process. It involves
the tracking of the progress of the SDLC process towards resolving the risk
items that have already been identified.
Risk Reporting and Communication – This is a step that defines
the methodologies that are used to report risk mitigation activities, review
and present the Software Project risks and communicate the risks and their