LogoASPAlliance: Articles, reviews, and samples for .NET Developers
Introduction to Software Risk Management
by Joydip Kanjilal
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 32643/ 168


A Risk is defined as "The possibility of suffering harm or loss; danger." Software Risk Management may be defined as a well defined, continual set of activities that together with the necessary tolls and metrics can be used to identify, analyze and mitigate the risks involved in the Software Development Life Cycle (SDLC) of Software Projects through the usage of well defined policies, procedures and practices. You can find my article on Software Development Life Cycle (SDLC) here.

Risk Management is an important practice in the SDLC processes. Risks are applicable to a wide variety of industries; however, this article would focus on Risk Management applicable to SDLC only. It deals with Risk Management in Software Project Management, and the Risk Mitigation Strategies, Risk Assessment, Risk Control and how one can design an efficient Risk Management Plan to address the risks involved in SDLC processes. It outlines the methodologies that can be followed to reduce risks and increase the chances of Software Project success.

What are Risks and what are the sources of risks?

What is Risk? Risk is defined as "the possibility of suffering harm or loss". It is also defined as "a measure of the probability and severity of adverse effects." In Software Development Life Cycle, risk can be defined “as a measure of the probability and severity of adverse effects inherent in the development of software that does not meet its intended functions and performance requirements.”

Any Software Project can have risks associated with it. Risks are inevitable in the SDLC process. But, why do risks creep in the SDLC process? Well, this can be attributed to the changes that occur in the Software Project Requirements, the changes in technology in use, changes in the project team members, etc.

What is Risk Management?

Risk Management comprises of the processes, methodologies and tools that are used to manage risks in the SDLC process of a Software Project. Risk Management is defined as the activity that identifies a risk; assesses the risk and defines the policies or strategies to mitigate the risk. "Risk management is simply a practice of systematically selecting cost effective approaches for minimizing the effect of threat realization to the organization. It can also be defined as "a project management tool to assess & mitigate events that might adversely impact a project, thereby increasing the likelihood of success."

When a Risk is identified in a Software Development Life Cycle, it implies that the estimated goals and deadlines cannot be met with the resources at hand. Hence, Risk Management in SDLC processes is indispensable for the success of any Software.

How to manage Risks?

The basic idea behind Risk Management in SDLC is through a regular planning and assessment of risk that are measured based on the probability and impact on the Software Project Development Plan or schedule along with the proposed risk mitigation strategies to avoid risks and their impact on SDLC processes.

All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks." Risk Management involves the following activities.

·         Risk Identification – This is the step where a risk is identified before it becomes a problem, or, rather a hindrance to the success of any Software Project.

·         Risk Analyzing – This is a step that determines which risks are the most important ones to address based on their priority and impact. Once the risks are prioritized based on their importance, the adverse effects that they can inject into the SDLC process and their probability of occurrence is analyzed. The most critical risks are of higher priority and should be mitigated first compared to the ones that are of lesser priority.

·         Risk Planning – Risk Planning involves a decision making process that prioritizes the risks and creation of Risk Mitigation Plans. Risk Prioritization involves the quantitative measurement of risks and estimating the probability of their re-occurrence and the relative loss that they could incur in the SDLC process.

·         Risk Response Actions - This identifies and describes the action (such as acceptance, transfer, avoidance, or mitigation) and the necessary response strategies to address the risks based on the priority of the identified risks. This is the step that also identifies the target date for completion of the risk response action and the resource(s) who is/are responsible for the same.

·         Risk Monitoring - This phase monitors the risks and their evaluation of their current status based on the defined metrics so as to ensure that the risks identified are addressed as per the stated timelines in the SDLC process of a Software Project.

·         Control – This process controls the Risk Action or the Risk Mitigation Plans and improves the overall Risk Management Process. It involves the tracking of the progress of the SDLC process towards resolving the risk items that have already been identified.

·         Risk Reporting and Communication - This is a step that defines the methodologies that are used to report risk mitigation activities, review and present the Software Project risks and communicate the risks and their status effectively.

Who is a Risk Manager?

The Risk Manager is one who is responsible for defining, structuring, implementing, coordinating risks. He is also responsible for preparing the Risk Management plans, evaluating and verifying risks and even monitoring the status of the risks involved in the SDLC process of Software Projects. A Risk Manager should be able to foresee the risks, evaluate the risks and define measures to mitigate them efficiently.

What are Risk Management Plans?

A Risk Management Plan is one that defines the Risks associated with a Software Project. The Risk Management Plan is a document that is prepared should incorporate a schedule for mitigating the risks that have been identified in the SDLC process. It should be able to foresee the risks, analyze them, quantify the impact of the risks and create response plans to mitigate these risks involved in SDLC processes.

A typical Risk Management Plan comprises of the following.

·         Risk Management Approaches – The methodology and the tools that would be used

·         Roles and Responsibilities definition of the team members of the Project

·         Risk Assessment – Risk Identification, Risk Analysis and Response Actions

·         Defined Timelines to address the identified risks

·         Cost Estimation

·         Risk Monitoring or tracking

·         Risk Control

·         Risk Reporting or Risk Communication


Risk Management is a continual set of activities that is an absolute necessity for the success of any software. Regardless of the complexity and the technological challenges involved, a systematic approach towards Risk Management can improve the chances of success of any Software Project. When analyzing and evaluating risks we should consider the impact of these risks the probability of there re-occurrence and even their impact in the SDLC process of a Software Project.

Product Spotlight
Product Spotlight 

©Copyright 1998-2020  |  Page Processed at 2020-01-27 4:31:42 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search