RISK MANAGEMENT Risk: It is a problem that could cause some loss or threaten the success of the project, but

which has not happened yet. These potential problems might have an adverse impact on cost, schedule, or technical success of the project, the quality of our software products. Risk Management: It is the process of identifying, addressing and eliminating these problems (risk) before they can damage the project. *There are top 5 risk factors that threaten projects in different applications. 1. Dependencies Many risks arise due to dependencies of project on outside agencies or factors. It is not easy to control these external dependencies. Some typical dependency-related risk factors are: Availability of trained, experienced people. Intercomponent or inter-group dependencies. Customer furnished items or information. Internal and external subcontractor relationship. 2. Requirement issues Many projects face uncertainty around the products requirements. If these requirementrelated risk factors are not controlled, we might build a wrong project. Some typical factors are Lack of clear product vision. Lack of agreement on product requirements. Unprioritized requirements. New market with uncertain needs. Rapidly changing requirements. 3. Management issues Some risk factors are Inadequate planning and tasks identification. Inadequate visibility into actual project status. Unrealistic commitments made, sometimes for wrong reasons. Managers or customers with unrealistic expectations. Staff personality conflicts. Poor communication. 4. Lack of knowledge Some risk factors are Inadequate training. Poor understanding of methods, tools and techniques. Inadequate application domain experience. New technologies. Ineffective, poorly documented, or neglected processes. 5. Other risk categories Some of the critical potential risk areas are Unavailability of adequate testing facilities.

Turnover of essential personnel. Technical approaches that.

Risk Management Activities

Risk identification Risk management Risk assessment Risk containmen t Avoid the risk Transfer the risk Risk reduction

Risk Identification
The project manager needs to anticipate the risks in the project as early as possible so that the impact of the risks can be minimized by making effective risk management plans. So, early risk identification is important. All risks that are likely to affect a project must be identified and listed. A project can be affected by a large variety of risks. There are three main categories of risks which can affect a software project. They are(i) Project risks: concerns various forms of budgetary, schedule, personnel, resources and customer related problems. An important project risk is schedule slippage. (ii) Technical risks: concern potential design, implementation, interfacing, testing and maintenance problems. It also includes ambiguous specification, incomplete specification, technical uncertainty, and technical obsolescence. (iii) Business risks: These include risks of building an excellent product that no one wants, losing budgetary or personnel commitments.

Risk Assessment
The objective of risk assessment is to rank the risks in terms of their damage causing potential. For risk assessment, each risk should be rated in two ways: (i) The likelihood of a risk coming true (r).

(ii) The consequences of the problems associated with that risk (s). Based on these two factors, the priority of each risk can be computed: p=r*s Where p is the priority with which the risk must be handled, r is probability of the risk becoming true, and s is the severity of damage caused due to the risk becoming true. If all identified risks are prioritized, then the most likely and damaging risks can be handled first.

Risk containment
After all the identified risks are assessed, plans must be made to first contain the most damaging and the most likely risks. Different risks require different containment procedures. There are main three strategies to plan for risk containment:(i) Avoid the risk- Risk can be avoided in several ways, such as discussing with the customers to change the requirements to reduce the scope of the work, giving incentives to the developers to avoid the risk of manpower turnover. (ii) Transfer the risk- This strategy involves getting the risky component developed by third party, buying insurance cover etc. (iii) Risk reduction- This involves planning ways to contain the damage due to a risk. For example, if there is a risk that some key personnel might leave, new recruitment may be planned. The most important thing to do in addressing technical risks is to build a prototype. To choose between the different strategies of handling a risk, the project manager must consider the cost of handling the risk and corresponding reduction of risks. For this, a factor called Risk leverage of the different risks should be computed. Risk leverage= Risk exposure before reduction Risk exposure after reduction Cost of reduction