Risk management

By :malini k

By: MALINI K
AGENDA: 4.Risk
management
1.What is risk??
5.Activities of risk
management
2.Types of software
risk
6.Risk identification

3.Strategies for
managing risk
I 7.Risk projection
What is risk??
A possibility of suffering from loss in
software development process is called
a software risk. Loss can be anything,
increase in production cost,
development of poor quality software,
"Tomorrow problems are
not being able to complete the project today's risk."
on time.
 Types of software risk

1. Project risks:
Project risks concern differ forms of budgetary, schedule, personnel,
resource, and customer-related problems. A vital project risk is schedule
slippage. Since the software is intangible, it is very tough to monitor and
control a software project. It is very tough to control something which cannot
be identified.
2. Technical risks:
Technical risks concern potential method, implementation, interfacing,
testing, and maintenance issue. It also consists of an ambiguous
specification, incomplete specification, changing specification,
technical uncertainty, and technical . Most technical risks appear due to
the development team's insufficient knowledge about the project.

3. Business risks:
This type of risks contain risks of building an excellent product
that no one need, losing budgetary or personnel commitments, etc.
1. Known risks: Those risks that can be uncovered after careful assessment of
the project program, the business and technical environment in which the
plan is being developed, and more reliable data sources (e.g., unrealistic
delivery date)

2. Predictable risks: Those risks that are hypothesized from previous project
experience (e.g., past turnover)

3. Unpredictable risks: Those risks that can and do occur, but are extremely
tough to identify in advance.
 Strategies for managing risk

• Reactive strategy
• Proactive strategy
1.Reactive strategy: A Reactive risk strategy is a response based
approach, which is solely dependent on past incident evaluation and audit
based findings. It begins once an 'incident' occurs.

2.Proactive strategy : Proactive risk management is a concept that

aims to reduce the odds of any accident or malicious attack occurring in
the future by identifying each business’ situation or processes to determine
potential threats.
 Proactive vs reactive strategies
PROACTIVE STRATEGY
1.These is the strategy that a company uses to
anticipate possible challenges
And threats.
2.Approach is to avoid risk and create
contingency plans for the
Unavoidable risks.
3.Identify possible risk and recognize what may
go wrong.
4.Develop a mitigation plan and contingency to
manage risks having high
Probability and high impact.
Example : supply chain optimization
Continuous improvements
Technology development
Seek competitive advantage
REACTIVE STRATEGY
1.Reactive strategies are the strategies a
company uses to respond to some unanticipated
event only after it occurs.
2.Approach is don’t worry I will think of
something.
3.Team need to move to a fire-fighting mode to
resolve the problem rapidly.
4.Most of the unstructured organizations and
inexperienced teams rely on this approach.
Example : production disruptions
Delivery date missed
Negative customer feedback
 Risk management
Risk management in software engineering
Entails identifying and estimating the
likelihood of risks in Order of their
impact on the project.
Activities of risk management
• Risk Identification
• Risk projection
 Risk identification

Risk identification is a systematic attempt to specify threats to the

project plan (estimates, schedule)By identifying known and
predictable risks, the project manager takes a first step toward
avoiding them when possible and controlling them when necessary.
 The steps in risk identification are:

• Preparation of risk item check list

• Creating risk components and drivers
list
 Preparation of risk item check list
1. Product size
2. Business impact
3. Customer characteristics
4. Process definition
5. Development environment
6. Staff size and experience
7. Technology to be built
 Creating risk components and drivers list
1. Performance risk
2. Cost risk
3. Support risk
4. Schedule risk

The impact on each risk driver on the risk component is

divided into one of four impact categories : negligible,
marginal, critical, catastrophic.
 Risk projection
Risk projection, also called risk estimation, attempts to rate
each risk in two ways—the likelihood or probability that
the risk is real and the consequences of the problems
associated with the risk, should it occur.
 There are four risk projection activities

• Establish a scale that reflects the perceived likelihood of a risk.

• Delineate the consequences of the risk.
• Estimate the impact of the risk on the project and the product.
• Note the overall accuracy of the risk projection so that there
will be no misunderstandings.