Risk Management Activities

Feb 12, 2020

---

What is meant by the term "Risk Management"?

Risk is an inexorable and an unavoidable part of a software development process, which constantly evolves throughout the course of a project, affecting a project or software or both. Thus, it arise the necessity to deal and manage these risks in an efficient and effective manner.

In the field of software engineering, risk management is a methodology or a mechanism, carried out throughout the development process to identify, manage and control risks evolved before and during the development process.

Basically, three types of activities are covered under the risk management process.

• Risk Identification.
• Risk Analysis.
• Risk Control.

Risk Identification:

It is the first step of a risk management process, which involves the identification of potential risks that may affect a software product or a development project, and accordingly documenting them along with their characteristics.

It is a constant process, which is carried out throughout the development due to the fact that as the development process progresses, the more we get to know about the software product and based on it, we may able to explore and identify more unvisited or hidden risks.

Generally, this phase helps in identifying the two types of risks, product risk and project risk.

• Product risk: Risks pertaining to a software product or application, which may arise, due to its inefficiency, to function, desirably, to meet the expectation of the users.
• Project risk:These risks involves any sort of uncertain or unexpected event or action, which may likely to occur and degrade the progress of a project.

In this phase, usually client, stakeholders, business manager, project manager and test manager, collaborate and participates in brainstorming or small sessions, study and analyze the project documentation plan, etc., to make out the probable list of risks associated with the software development. Some commonly known techniques to identify risks may include risk templates, project retrospective, Failure Mode and Effect Analysis (FMEA), Failure Mode Effect and Criticality Analysis (FMECA), etc.

Risk Assessment:

The next stage of a risk management process is risk analysis, which involves the assessment of the risks identified during the risk identification stage.

• This stage usually involves the analysis and prioritization of the risks, i.e. possible outcomes of each identified risk is being assessed based on which risks are categorized and accordingly, prioritized.
• Based on the degree of impact, possessed by each risk, they are being assigned severity levels, namely 'High', 'Medium' and 'low'. And based on their severity, they are prioritize i.e. High risks are considered as top priority whereas the low risk is regarded for the bottom most priority.

Risk Control:

During this stage, risks are managed, controlled and mitigated, based on their priority so as to achieve the desired results. It is generally divided into three activities which may be seen below.

• Risk Management Planning: It involves a proper and effective plan to deal with the each identified risk.
• Risk Resolution:It refers to the execution of the plans, outlined during the risk management planning stage so as to either remove or fix identified risks.
• Risk Monitoring: It involves, regular monitoring and tracking, the development progress, in the direction, of resolving risk issues, which may include revaluation of the risks, their likelihood to occur, etc., and taking and implementing necessary & appropriate actions, wherever necessary.