Monday, February 25, 2013

Risk Management Deliverers

List two or three risk management deliverers that you have seen or produced during a past or current project (such as: risk list, risk status report, risk management plan, expected value report, risk monitoring report, risk response form, etc.).

Describe their effectiveness.                                                        
When during the project life cycle were they developed?
How much training did those involved in the related processes receive?

Risks are part of every project. For a project to be successful, the key is not to avoid risks, but to know and understand them. A risk is the probability of occurrence of a condition or event that would negatively affect the project development process. Risk management involves identifying, understanding, and managing known risks so that the possibility of fulfilling the project objectives is increased.

The reality and challenges that are faced while applying software risk management processes are a problem, especially when it comes to incorporating the risk management process to the software development organization. In spite of all these difficulties, using risk management techniques and tools in project development processes is very beneficial (Kwak & Stoddard 2004).

Risk definition starts with identification of risk. This step helps in recognizing the probable losses and their reasons. To implement efficient risk management process, the project members must have an overall perspective about the software developmental project. Risk assessment is done to establish the chances for potential loss occurring if the risk actually materializes (Jones 1994).
The next step is the mitigation step which involves development of a risk avoidance plan; following which is the last step responsible for execution of the both the risk mitigation and risk avoidance plans. These steps pave the way for a thorough description of all the risks. The risks are all documented in a Risk List.

The list must have all the risks including definition, likelihood, consequence, indicators, risk ranking, contingency plan and mitigation strategy (Boban et al. 2003). Creating a risk database does not necessarily involve technology. You can even use index cards, although it would mean that functions like searching, sorting, and linking would become a challenge and may lead to errors. Risk lists may be implemented effectively using Microsoft Excel or even Microsoft Word. We were able to implement it effectively using Microsoft Project. 

Another risk management deliverable we used is Risk Status Reporting. This should function at two levels-external and internal. In case of IT operations, it operates at the internal level, and here risk status reports must consider four probable risk management situations for every risk. The four possible situations are resolution, contingency, valiance, and changeability.  Risk reporting includes recording, collecting, and reporting various risk assessments.
It is important to monitor the results and assess the competence of existing plans. Risk reporting help in providing a foundation for assessing the project updates. As risk reports are formal records they ensure that the risk assessments are comprehensive. Although it requires continuous planning and supervision, this approach can enable the risks to be alleviated in the beginning phases of software development when costs for such software projects are still low.

We developed these risk management deliverables after we formed the objectives and activities of the project. The project life cycle includes a step where potential challenges are identified and a contingency plan is developed. This is where we conduct a risk assessment and reporting and use deliverables like risk lists and risk status reports.

For the implementation of the risk management to be successful, the organization defines management roles for the project. Specific project members must be appointed whose foremost activities are related to risk management of the software development project. It is their responsibility to constantly identify risks and activities related to risks.
All the project stakeholders share the responsibility for risk management. However, the Project Direction is the one who decides whether to move forward with the mitigation strategies and implement contingency places. This is especially true for cases which have requirement of additional costs.

The solution to efficient risk management lie is the identification and mitigation of true risks and formation of a contingency strategy if the potential risk develops into a reality (Charlotte 1989).

  • Boban, M., Požgaj, Z. and Sertic, H. (2003). Strategies for Successful Software Development Risk Management. Management, 8 (2), p. 77-91.
  • Charette, R. (1989): Software Engineering Risk Analysis and Management. New York: McGraw Hill.Jones, C. (1994): Assessment and Control of Software Risk. New York: Prentice Hall.
  • Kwak, Y.H. and Stoddard, J. (2004). Project risk management: lessons learned from software development environment. Technovation, 24, p. 915-920

Elad Shalom,
CTO at