Subject: Software Engineering

Topic: Risk Management

Difficulty: High

“Risk is future uncertain events with a probability of occurrence and a potential for loss”.Risk identification and management are the main concerns in every software project. Effective analysis of software risks will help to effective planning and assignments of work.

Categories of risks:

Schedule Risk:

Project schedule get slip when project tasks and schedule release risks are not addressed properly. Schedule risks mainly affect on a project and finally on company economy and may lead to project failure.

• Schedules often slip due to following reasons:Wrong time estimation Resources are not tracked properly. All resources like staff, systems, skills of individuals etc. Failure to identify complex functionalities.Unexpected project scope expansions.

Budget Risk: Wrong budget estimation. Cost overruns

• Project scope expansion

Operational Risks:

Risks of loss due to improper process implementation failed system or some external events risks.

Causes of Operational risks:

• Failure to address priority conflicts

• Failure to resolve the responsibilities

• Insufficient resources

• No proper subject training

• No resource planning

• No communication in the team.

Technical risks:

Technical risks generally lead to failure of functionality and performance. Causes of technical risks are:

• Continuous changing requirements

• No advanced technology available or the existing technology is in initial stages.

Programmatic Risks:

These are the external risks beyond the operational limits. These are all uncertain risks are outside the control of the program.

These external events can be:

• Running out of the fund.

• Market development

Other Unavoidable Risks

All the risks described above are those which can be anticipated to a certain extended and planned for in advance. However there are certain risks which are unavoidable in nature.

The reasons for such unavoidable risks are described below.

• Changes in government policy

• Obsolescence of software due to new technology from a rival company

Risk-Based Testing: Risks are assessed and managed roughly in 2 phases of our Software Test life cycle. STLC can be categorized into 3 phases -Test planning, Test designing and Test execution.

The risk management process occurs twice, during:

• Test planning

• Test case design(end) or sometimes in the test execution phase

It is mandatory in case 1 but with case 2 it is more of a ‘need-basis’ situation.

Risk identification

This stage involves making a list of everything that might potentially come up and disrupt the normal flow of events.

The main outcome of this step is a list of risks.

This risk-based testing step is commonly led by the QA lead/Manager/representative. This is a collective activity led by the QA lead.

Risk assessment/Risk impact analysis

Risk Analysis in software testing:

All the risks are quantified and prioritized in this step. Every risk’s probability (the chance of occurrence) and impact (amount of loss that it would cause when this risk materializes) are determined systematically.

Risk Mitigation

The final step in this Risk Based Testing (RBT) process is to find solutions to plan how to handle each one of these situations. These plans can differ from company to company, project to project and even person to person.