Risk Assessment
The primary goal of risk assessment is to classify risks based on their potential impact and likelihood of occurrence. Each identified risk should first be evaluated in two ways:
- Probability (r): The likelihood that a risk will occur.
- Severity (s): The potential damage or consequences if the risk occurs.
From these two factors, the priority of a risk can be determined using the formula:
p = r * s
Where p represents the priority level, r is the probability, and s is the severity. This calculation helps in identifying which risks need to be addressed first. By focusing on the most likely and damaging risks, project teams can develop stronger and more effective risk mitigation strategies.
1. Risk Identification
The project manager must identify potential risks as early as possible so their impact can be minimized through proactive planning. Since software projects face various risks, they should be categorized into clear classes:
- Technology Risks: Arising from the software or hardware technologies used in development.
- People Risks: Associated with the development team and human resource factors.
- Organizational Risks: Emerging from the organizational structure or environment.
- Tool Risks: Related to the software tools and support systems used.
- Requirement Risks: Due to changes in customer requirements or poor requirement management.
- Estimation Risks: Stemming from inaccurate resource, time, or cost estimates.
2. Risk Analysis
In this stage, each identified risk is assessed to estimate both its probability and severity. While exact numerical predictions are rarely possible, risks can be grouped into qualitative categories.
- Probability Levels: Very Low (0–10%), Low (10–25%), Moderate (25–50%), High (50–75%), Very High (75%+).
- Impact Levels: Catastrophic (threatens project survival), Serious (causes major delays), Tolerable (within contingency limits), Insignificant.
The analysis largely depends on the manager’s judgment, experience, and lessons from past projects.
3. Risk Planning
Risk planning involves creating actionable steps to manage high-priority risks. For each risk, the project manager should:
- Define measures to minimize disruption if the risk occurs.
- Identify the type of data needed to monitor the situation effectively.
- Develop contingency plans based on professional judgment and prior experience.
4. Risk Monitoring
Risk monitoring ensures that initial assumptions about project, product, and business risks remain valid over time. Continuous monitoring allows the team to detect changes early and take corrective action before risks escalate.
Risk Control
Risk control focuses on managing risks to achieve desired project outcomes. Once key risks are identified, appropriate strategies must be designed. Different risks require different approaches, often demanding creativity and foresight from the project manager.
Common Risk Management Strategies:
- Avoidance: Modifying project plans to eliminate risks, such as revising requirements or improving communication.
- Transfer: Shifting the risk to a third party, for example by outsourcing certain tasks or purchasing insurance.
- Reduction: Minimizing the impact of risks, for example by recruiting backups for critical staff roles.
Risk Leverage helps in selecting the best mitigation strategy.
Risk Leverage = (Risk Exposure Before − Risk Exposure After) / Cost of Reduction
This formula evaluates whether the cost of risk reduction is justified by the benefit gained.
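The two formulas above applied to a small risk register, as an added example that is not part of the original page. It assumes severity is expressed as estimated loss in the same cost units as the mitigation cost, takes risk exposure to be r * s, treats each probability level's lower bound as inclusive, and rejects options whose leverage is 1 or less; the register entries and mitigation options are constructed.

```python
from dataclasses import dataclass

# Lower bounds of the page's probability levels (inclusive lower bound is an assumption).
BANDS = [(0.75, "Very High"), (0.50, "High"), (0.25, "Moderate"),
         (0.10, "Low"), (0.0, "Very Low")]

@dataclass(frozen=True)
class Risk:
    name: str
    r: float   # probability, 0..1
    s: float   # severity as estimated loss in cost units (assumed scale)

    @property
    def p(self) -> float:          # page formula: p = r * s
        return self.r * self.s

@dataclass(frozen=True)
class Mitigation:
    risk: str        # name of the risk this option addresses
    name: str
    r_after: float   # probability once the option is in place
    s_after: float   # severity once the option is in place
    cost: float      # cost of reduction

def band(r: float) -> str:
    if not 0.0 <= r <= 1.0:
        raise ValueError(f"probability out of range: {r}")
    return next(label for low, label in BANDS if r >= low)

def leverage(risk: Risk, m: Mitigation) -> float:
    if m.cost <= 0:
        raise ValueError("cost of reduction must be positive")
    return (risk.p - m.r_after * m.s_after) / m.cost

def plan(risks, mitigations):
    """Rank risks by p and keep the highest-leverage option above 1 for each."""
    rows = []
    for risk in sorted(risks, key=lambda x: x.p, reverse=True):
        options = [(leverage(risk, m), m.name) for m in mitigations if m.risk == risk.name]
        best = max((o for o in options if o[0] > 1.0), default=None)
        rows.append((risk.name, band(risk.r), risk.p, best))
    return rows

# Constructed sample register, not data from the page.
RISKS = [Risk("Key developer leaves", 0.25, 80000), Risk("Requirements change late", 0.5, 50000),
         Risk("Build tool unsupported", 0.125, 16000)]
MITIGATIONS = [Mitigation("Key developer leaves", "Recruit backup for critical role", 0.25, 20000, 10000),
               Mitigation("Key developer leaves", "Retention bonus", 0.125, 80000, 20000),
               Mitigation("Requirements change late", "Revise requirements with customer", 0.25, 50000, 5000)]
```

Calling plan(RISKS, MITIGATIONS) returns one row per risk in priority order; a row whose last field is None has no option that pays for itself and falls back to contingency planning and monitoring.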