Software Quality Management
Define and Discuss Reactive and Proactive risk strategies used in
software development.
● Proactive risk management is the analysis and management of risks that may affect a
given project before they occur.
● It involves:
○ Careful analysis of a situation to determine potential risks
○ Assessment of processes to determine potential risks.
○ Identification of drivers of risks in order to understand their root cause.
○ Assessment of the probability and impact of the risks in order to prioritize
them and prepare a contingency plan.
● It is implemented as a preventive measure and helps companies/organizations
prepare for the worst-case scenario in a project.
● It improves an organization's ability to avoid and/or manage both existing and
emerging risks.
● It also helps them to quickly adapt to unwanted events or crises.
● It should be implemented as a continuous process or discipline that has to be
practiced and made an integral part of the project or organization.
● Reactive risk management is an approach in which threats are tackled as they emerge.
● Incidents are examined for their root cause to prevent similar threats from occurring
in future.
● It is considered to be just as important to an overall risk management strategy as
proactive risk management, and is often used to apply and enhance it.
● It helps organizations manage during events with unforeseen threats.
● During the mitigation of the threat, it uses and tests the processes outlined by the
proactive risk management.
Discuss risk mitigation techniques used in software
development. What is the limitation of each identified
technique?
Avoidance
● This is where the risk and its negative consequences are completely avoided during
the Software Development Life Cycle.
● It can be done by designing out the causes of the risk or stepping away from the
business activities involved with the risk.
● This allows the organization to successfully avoid the undesired consequences of the
risk.
● Limitation
○ Avoidance of the risk may cause the project to be shut down altogether,
leading to wastage of resources gathered to undertake the project to begin
with.
○ Planning around the risk may take extra time and resources.
Acceptance
● For risks that are at an acceptable level, for instance a sufficiently low estimated
failure rate of a device or software, the product can be allowed to ship regardless,
with the risk accepted by the organization.
● Limitation
○ If the acceptance of the risk is based on estimates or predictions, incorrect
information or forecasting may lead to bad consequences in future.
● Through the use of risk prioritization tools to identify and prioritize risks, organizations
can reduce the probability of occurrence, or the severity of the consequences, of an
unwanted risk.
● If it is not possible to reduce the likelihood that the risk will occur, or the severity of its
consequences, then organizations can implement controls.
● These controls can be used to:
○ Detect the causes of unwanted risk prior to the threat occurring during use of
the product
○ Detect the root causes of unwanted failures that the team can avoid during
development.
● Limitation
○ Controlling risk can get expensive over time.
Transference
● This is where the burden of the risk consequence is shifted to another party.
● This can be done by giving the work of developing the product to another party,
or through the use of insurance.
● Limitation
○ Some control is given up, which may also affect the quality of the product.
○ A poor quality product may affect the brand's image despite the product not
being fully made by the company.
● It is done through :