RISKMANAGEMENT:

Dept of COMPUTER APPLICATIONS

05/16/2025 1
Session Number
RISKMANAGEMENT
"risk" is a problem that could cause some loss or threaten the progress of the
project, but which has not happened yet.
• Risk management is concerned with identifying risks and drawing up
plans to minimize their effect on a project.
• A risk exists when there is a probability that some adverse
circumstance will occur.
• Project risks affect schedule or resources.
• Product risks affect the quality or performance of the software being
developed.
• Business risks affect the organization developing or procuring the software.

Dept of COMPUTER APPLICATIONS

05/16/2025 2
Session Number
 There are three main
classifications of risks
which can affect a
software project:
1.Project risks
2.Technical risks
3.Business risks

Dept of COMPUTER APPLICATIONS

05/16/2025 3
Session Number
The risk management process
• Risk identification – identify project, product and business risks
• Risk analysis – assess the likelihood and consequences of these risks
• Risk planning – draw up plans to avoid or minimise the effects of the
risk
• Risk monitoring – monitor the risks throughout the project

Dept of COMPUTER APPLICATIONS

05/16/2025 4
Session Number
 Risk management includes the
The risk management process following tasks:

•Identify risks and their triggers

•Classify and prioritize all risks
•Craft a plan that links each risk to a
mitigation
•Monitor for risk triggers during the
project
•Implement the mitigating action if
any risk materializes
•Communicate risk status throughout
project

Dept of COMPUTER APPLICATIONS

05/16/2025 5
Session Number
Risk identification
• Types
– Technology risks
– People risks
– Organizational risks
– Tools risks
– Requirements risks
– Estimation risks

Dept of COMPUTER APPLICATIONS

05/16/2025 6
Session Number
System and software design

Dept of COMPUTER APPLICATIONS

05/16/2025 7
Session Number
Risk analysis
• Assess probability and seriousness ofeach risk.
• Probability may be very low, low, moderate, high or very high.
• Risk effects might be catastrophic, serious,tolerable or insignificant.

Dept of COMPUTER APPLICATIONS

05/16/2025 8
Session Number
Risk analysis

Dept of COMPUTER APPLICATIONS

05/16/2025 9
Session Number
Risk planning
• Consider each risk and develop a strategy tomanage that risk.
• Avoidance strategies – the probability that the risk will arise is
reduced.
• Minimisation strategies – the impact of the risk on the project or
product is reduced.
• Contingency plans – if the risk arises, contingency plans are plans to
deal with that risk. (to effect the minimisation strategy)

Dept of COMPUTER APPLICATIONS

05/16/2025 10
Session Number
Risk management strategies

Dept of COMPUTER APPLICATIONS

05/16/2025 11
Session Number
Risk monitoring
• Assess each identified risk regularly to decide whether or not it is
becoming less or more probable.
• Also assess whether the effects of the risk have changed.
• Each key risk should be discussed at management progress meetings.

Dept of COMPUTER APPLICATIONS

05/16/2025 12
Session Number
Risk factors (»warning signs)

Dept of COMPUTER APPLICATIONS

05/16/2025 13
Session Number
Main Check points
• Always be forward-thinking about risk management. Otherwise, the project
team will be driven from one crisis to the next.
• Use checklists, and compare with similar previous projects.
• Prioritize risks, ranking each according to the severity of exposure.
• Develop a top-10 or top-20 risk list for your project. Like most project
managers, you can probably reuse this list on the next project!
• Vigorously watch for surfacing risks by meeting with key stakeholders—
especially with the marketing team and the customer.
• As practicable, split larger risks into smaller, easily recognizable and readily-
manageable risks.
• Strongly encourage stakeholders to think proactively and communicate about
risks throughout the entire project.
Dept of COMPUTER APPLICATIONS
05/16/2025 14
Session Number
Process Visibility
• Making a process visible means producing documents at regular
intervals.
• Waterfall Model
• a rapid development process will reduce the process visibility.

Dept of COMPUTER APPLICATIONS

05/16/2025 15
Session Number
Professional and ethical responsibility

• SE involves wider responsibilities than simply the application of

technical skills.
• Software engineers must behave honestly and ethically if they are to
be respected as professionals.
• This goes beyond simply upholding the law.
• Consider four important issues of professional responsibility...

Dept of COMPUTER APPLICATIONS

05/16/2025 16
Session Number
Issues of professional responsibility

• Confidentiality
• Engineers should normally respect the confidentiality of their employers or clients irrespective of
whether or not a formal confidentiality agreement has been signed.
• Competence
• Engineers should never misrepresent their level of competence.
• They should never knowingly accept work which is outside their competence.
• Intellectual property rights
• Engineers should be aware of applicable laws governing the use of intellectual property such as
patents, copyright, etc.
• They should be careful to ensure that the intellectual property of employers and clients is protected.
• Computer misuse
• Software engineers should not use their technical skills to misuse other people’s computers.
Dept of COMPUTER APPLICATIONS
05/16/2025 17
Session Number
Principles of Risk Management and Paradigm

• Risk Management is an approach that helps in

managing and make best use of the available
resources. A computer code project may be laid low
with an out sized sort of risk so as to be ready to
consistently establish the necessary risks which could
have an effect on a computer code project.

05/16/2025 Dept of COMPUTER APPLICATIONS 18

Session Number
Principles of Risk Management:
There are 5 principles of Risk Management. They are:
1.Global Perspective:
Larger system definitions, design and implementation is considered. The
opportunity and the impact that the risk is going to have is looked. View
software risks in the context of a system and the business problem
planned to solve.
2.Forward Looking View:
Looking at the possible uncertainties that might dragged. Possible
solutions of the risks that might occur in the future are considered. Think
about the risk which may occur in the future and create future plans for
managing the future events.
3.Open Communication:
This enables the free flow of the communication between the end users
and the development team so that they can clarify the risks. Encourage
all the stakeholders and users for suggesting risks at any time.
4.Integrated Management:
Risk management is made an integral part of the project management
during this phase. A consideration of risk should be integrated into the
software process.
5.Continuous Process:
Risks are tracked continuously throughout the risk management
paradigm
05/16/2025 during this phase. Modify the identified
Dept of COMPUTER APPLICATIONS risk than the more 19
Session Number
information is known and add new risks as better insight is achieved.
Risk Management Paradigm:
1.Identify:
Risks are identified before major problem is created. If the risks are
identified before they create a major problem then there might not be
more difficulty in controlling the risks.
2.Analyze:
Deep analysis of nature, behavior and type of risk and collect
information about it. It is required for the purpose of the determination
of the knowledge about the risk.
3.Plan:
Convert the plan into actions and implementation. This phase includes
the actions and implementation of the planning that was done before.
After the risk detection plans are made and executed.
4.Track:
Necessary actions are monitored. Necessary action means the required
work for the removal and minimization of the risk detected.
5.Control:
Correct the deviation and make necessary changes. Put the right thing
in the right place and the required field will changed according to the
changes required.
6.Communicate:
Discussion about the current risks and the future risks and their
management. Make a productive discussion between the developer and
tester on the risks found in the
05/16/2025 Deptsoftware
of COMPUTER .APPLICATIONS
Session Number
20
05/16/2025 Dept of COMPUTER APPLICATIONS 21
Session Number
Reactive Risk Statergy
It is characterized by addressing risks only when they occur
Thry arise without any prior planning or preparation
Considerd as less effective and lead to increase project risks,delays, and disruption
CHARACTRISTICS OF REACTIVE RISK STATERGY
Reactive Approach
Lack of proative planning
Project disruption and delays
Reactive Resourse allocation
Firefighting Approach
Communication and Coordination challen

05/16/2025 Dept of COMPUTER APPLICATIONS 22

Session Number
Proactive Risk statergy
• Risk statergy invoves identifying and mitigating risks before they accur
• It is more effective than reactive risk statergy
• Emphasizes planning and preparation to minimize the impact of potential risks on
the project
• CHARACTRISTICS OF RROACTIVE RISK STATERGY
• Early identification of Risks
• Quantitative Risk Assessment
• Risk Mitigation
• Contingenency Planning
• Stakeholder Invoivment
• Monitor and Track Risks
05/16/2025 Dept of COMPUTER APPLICATIONS 23
Session Number
Classification based on Identifiabiliyty and
predictability
• Known Risks-Identified through project plan , business and technical
environment. Example- lack of Documented Requirement,unrealistic
Delivery Date,Inadequate Resource Allocation,Technical Complexity

• Predictable Risks- Based on past project experience and similar

situation encountered in previous projects
Example- Staff Attrition, Communication Issues, Resourse Constraints

05/16/2025 Dept of COMPUTER APPLICATIONS 24

Session Number
 • Unpredicatable Risks-Cannot be easily anticipated from past
experiences. Example-Natural disaster,Market change, supply and
vendor issues, cyber security breaches.

05/16/2025 Dept of COMPUTER APPLICATIONS 25

Session Number
Principals of Risk Management

1.Think Ahead
2. Communicate Openly by sharing information with all team member
3. Integrate Risk Management with s/w developement
4. Stay Vigilant by updating the risks
5. Share a common Vission with stakeholders
6.Foster Teamwork by collaborating with stake holders

05/16/2025 Dept of COMPUTER APPLICATIONS 26

Session Number
 Risk Refinement
• Breaking the risks into sub risks and sub conditions which ll lead to a good
approach of understanding , analysing, and monitoring
• Risk Refinement using Condition-Transition-Consequence(CTC)
example-risk of project delay dur to inadequate resource allocation
• Condition- the projet team has insufficient resourses allocated
• Transition- The available resourses are unable to meet the project’ demands
• Consequence-There ia a risk of project delays
Subcondition1-Insufficient skilled staff
Subcondition2-lacks of necessary equipment
Subcindition 3-Dependancies on externsl vendors and stakeholders causing
delay
05/16/2025 Dept of COMPUTER APPLICATIONS 27
Session Number
 • Subcindition4- Inaccurate estimation

05/16/2025 Dept of COMPUTER APPLICATIONS 28

Session Number
Risk Mitigation
• It refers the process of developing statergies and taking proactive
measures to reduce the impact of risks.
• Analyze the potential risk and implement actions to avoid the
negative consequences
• Example- high staff turn over identifies as risk.To mitigate the risk
create a positive work environment, offer competitive
compensation, and provide growth opertunity.
• APPROACHES-
• 1.preventive Measures

05/16/2025 Dept of COMPUTER APPLICATIONS 29

Session Number
 • Contigency Planning
• RISK MITIGATION TECHNIQUES
• 1. Risk Avoidance
• 2.Risk Transfer
• 3.Risk Reduction
• 4. Risk Sharing

05/16/2025 Dept of COMPUTER APPLICATIONS 30

Session Number
Risk Monitoring
It involves closely observing and trackomg identified risks throughout
the project lifecycle
It helps projrct manager stay informed , make informed decisions and
to take appropriate action
Approaches to risk Monitoring
1.Regular Progress Review
2.Risk reporting and documentation

05/16/2025 Dept of COMPUTER APPLICATIONS 31

Session Number
 Risk Monitoring Techniques
• 1. Data Analysis- identify thr trends and patterns or anamolies that
may indicate changes in risk and impact
• 2. Stake holder Communication- with project stake holders, team
members snd subject matter experts
• 3. Risk Triggers and Early Warning signs- it ll control the increasing
risk level by taking the proactive measures
• 4. Risk tracking tools- enable recording, tracking,and visualization of
identidied risks. Theor status and associated actions

05/16/2025 Dept of COMPUTER APPLICATIONS 32

Session Number
Risk Management and Contigency planning
RISK MANAGEMENT -It’s a overall process of identifying,
analyzing,mitigating and managing risks throughout a project.
• Involves understanding, addressing, and responding to the risks
• CONTIGENCY PLANNING
• Process of developing alternative statergies or backup plans to
address unexpected events and risks.
Effective risk management and contingency planning ensures that
risks are properly addressed, monitored and managed by minimizing
the negative effects

05/16/2025 Dept of COMPUTER APPLICATIONS 33

Session Number
Example of contingency planning
1.Data Backup and Recovery
2.Redundancy and failover(using load balancing and clustering
techiniques used to shift back ups if server fails)
3.Disaster Recovery planning
4.Supplier or Vendor Contigency
5.Staffing and Resourse Contigency- (cross –training team member to
handle multiple roles)

05/16/2025 Dept of COMPUTER APPLICATIONS 34

Session Number
RMMM PLAN
• The Risk Mitigation, Monitoring, and Management plan is
Comprehensive document that outlines the statergies, activities
and procedures for handling risks throught the software project
• Once RMMM is documented and the project begins, risk
mitigationand monitoring steps commence

05/16/2025 Dept of COMPUTER APPLICATIONS 35

Session Number
Key component of RMMM Plan
1. Risk Identification
2. Risk projection(Risk Assessment)
3. Risk Mitigation Statergies
4. Risk Monitoring
5. Risk Escalation and Reporting
6. Risk Documenatation
7. Risk management responsibility

05/16/2025 Dept of COMPUTER APPLICATIONS 36

Session Number