What Is Software Risk And Software Risk Management?

Risk is an expectation of loss: a potential problem that may or may not occur in the future. It is generally caused by a lack of information, control or time. The possibility of suffering a loss during the software development process is called a software risk. The loss can take many forms: an increase in production cost, delivery of poor-quality software, or failure to complete the project on time. Software risk exists because the future is uncertain and there are many known and unknown factors that cannot be incorporated into the project plan. Software risks are of two types: (a) internal risks, which are within the control of the project manager, and (b) external risks, which are beyond the control of the project manager. Risk management is carried out to:

  1. Identify the risk
  2. Reduce the impact of the risk
  3. Reduce the probability or likelihood of the risk
  4. Monitor the risk

A project manager has to deal with risks arising from three possible cases:

  1. Known knowns are software risks that are facts known to the team and to the project as a whole. For example, not having enough developers can delay the project delivery. Such risks are described and included in the Project Management Plan.
  2. Known unknowns are risks that the project team is aware of, but it is not known whether the risk is actually present in the project. For example, if communication with the client is poor, it is not possible to capture the requirements properly. The project team knows this as a fact; whether the client has communicated all the information properly or not is unknown to the project.
  3. Unknown unknowns are risks about which the organization has no idea. Such risks are generally related to technology; for example, suddenly having to work with technologies or tools that you know nothing about because your client wants it that way exposes you to absolutely unknown risks.

Software risk management is all about quantifying risk. This includes:

  1. Giving a precise description of the risk event that can occur in the project
  2. Defining the risk probability, which explains the chances of that risk occurring
  3. Defining how much loss a particular risk can cause
  4. Defining the liability potential of the risk

Risk management comprises the following processes:

  1. Software Risk Identification
  2. Software Risk Analysis
  3. Software Risk Planning
  4. Software Risk Monitoring

These processes are defined below.

Software Risk Identification

In order to identify the risks that your project may be subjected to, it is important to first study the problems faced by previous projects. Study the project plan properly and check all the areas that are vulnerable to some type of risk. The best way of analyzing a project plan is to convert it into a flowchart and examine all essential areas. It is important to conduct a few brainstorming sessions to identify the known unknowns that can affect the project. Any decision related to technical, operational, political, legal, social, internal or external factors should be evaluated properly.

In this phase of risk management you have to define the processes that are important for risk identification. All the details of each risk, such as its unique ID, the date on which it was identified, its description and so on, should be clearly recorded.

Software Risk Analysis

Software risk analysis is a very important aspect of risk management. In this phase each risk is identified and then categorized. After categorization, the level, likelihood (as a percentage) and impact of the risk are analyzed. Likelihood is defined as a percentage after examining the chances of the risk occurring due to various technical conditions. These technical conditions can be:

  1. Complexity of the technology
  2. Technical knowledge possessed by the testing team
  3. Conflicts within the team
  4. Teams being distributed over a large geographical area
  5. Usage of poor quality testing tools

By impact we mean the consequence of a risk in case it happens. It is important to know the impact because it is necessary to know how the business can be affected:

  1. What will be the loss to the customer
  2. How would the business suffer
  3. Loss of reputation or harm to society
  4. Monetary losses
  5. Legal actions against the company
  6. Cancellation of business license

The level of risk is identified with the help of:

Qualitative Risk Analysis: here you define the risk level as:

  • High
  • Medium
  • Low

Quantitative Risk Analysis: can be used for software risk analysis but is considered less appropriate, because the risk level is expressed as a percentage, which does not give a very clear picture on its own.

Software Risk Planning

Software risk planning is all about:

  1. Defining preventive measures that lower the likelihood or probability of the various risks.
  2. Defining measures that reduce the impact in case a risk happens.
  3. Constantly monitoring processes to identify risks as early as possible.

Software Risk Monitoring

Software risk monitoring is integrated into project activities, and regular checks are conducted on the top risks. Software risk monitoring comprises:

  • Tracking risk plans for any major changes in the actual plan, attributes, etc.
  • Preparing status reports for project management.
  • Reviewing risks, and closing those whose impact or likelihood has reached the lowest possible level.
  • Regularly searching for new risks.
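The following is an added example (not part of the original article) that ties the analysis and monitoring phases together in code: a small risk register with the fields named under identification (unique ID, date identified, description), a likelihood-percentage times impact score from which the High/Medium/Low qualitative level is derived, and the monitoring step that ranks the top open risks and closes those whose likelihood or impact has reached the lowest level. The impact scale, the level thresholds and the sample register entries are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed ordinal impact scale; "none" is the lowest possible level.
IMPACT_SCORE = {"none": 0, "low": 1, "medium": 2, "high": 3}

@dataclass
class Risk:
    risk_id: str          # unique id assigned at identification
    identified_on: str    # date on which the risk was identified (ISO string)
    description: str
    likelihood_pct: int   # likelihood as a percentage, 0..100
    impact: str           # key of IMPACT_SCORE
    status: str = "open"

def exposure(risk: Risk) -> float:
    """Likelihood (as a fraction) times impact score: the quantitative risk value."""
    return risk.likelihood_pct / 100 * IMPACT_SCORE[risk.impact]

def qualitative_level(risk: Risk) -> str:
    """Map exposure onto the High/Medium/Low scale (thresholds are assumed)."""
    e = exposure(risk)
    if e >= 1.5:
        return "High"
    if e >= 0.6:
        return "Medium"
    return "Low"

def top_risks(register: list, n: int = 3) -> list:
    """Monitoring: ids of the open risks that get regular checks, highest exposure first."""
    open_risks = [r for r in register if r.status == "open"]
    return [r.risk_id for r in sorted(open_risks, key=exposure, reverse=True)[:n]]

def close_retired(register: list) -> list:
    """Monitoring: close open risks whose likelihood or impact reached the lowest level."""
    closed = []
    for r in register:
        if r.status == "open" and (r.likelihood_pct == 0 or IMPACT_SCORE[r.impact] == 0):
            r.status = "closed"
            closed.append(r.risk_id)
    return closed

# Constructed sample register built from the examples the text gives.
REGISTER = [
    Risk("R-001", "2024-01-08", "Not enough developers; delivery may slip", 60, "high"),
    Risk("R-002", "2024-01-08", "Client may not have communicated all requirements", 40, "medium"),
    Risk("R-003", "2024-01-15", "Team unfamiliar with a tool the client mandated", 10, "low"),
    Risk("R-004", "2024-01-15", "Licence of the test tool was about to expire (now renewed)", 0, "medium"),
]
```

Running `close_retired(REGISTER)` after a review closes R-004, whose likelihood has dropped to 0%, while R-001 stays at the top of the monitoring list as a High risk.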
