Risk Management in Software Development Projects

Risk management in a software development improves performance and efficiency, also helps to reach target and goals in the correct way. It reduces the chances of undesira le things taking place or reduces the effect if they do happen. !hus provide a greater control over the outcomes. Reduces shocks and increases likelihood of success in software development. What is a Risk? " risk is an uncertain event or condition that affects the project. Risk is possi ility or any deviation from what is planned. It is something which may or may not happen ut if it happens then it impacts the project. It has the potential impact on time, cost etc. #ot all the risks are negative. !here can e positive risks too. In one hand, negative risks ring threat on the other hand positive risks rings opportunity. $" person who can foresee pro lems % difficulties and identify proactive solutions will live happily&'(hanakya )*+,'-.* /(0 "uthor of "rtha Sashtra. 1e face risks all around us. In cricket, /atsman take a lot of risk efore hitting a si2. Marriage can e considered as a huge risk as we do not know what our partner is e2actly like. Investing in stock is a risky thing as we do not know whether the share prices will rise or fall. (hanging a jo is a risk as we do not know a out our new environment. 3ven going to office is even a risk ecause of the accident prone high traffic roads. !here are risks all around us. "n interesting fact says that cat drinks milk closing its eye ecause it does not want to get distur ed y the surrounding and enjoy the taste of milk completely. So, when any ody comes to eat him it remains unnoticed to the cat. 4ence, it is eaten easily. !he moral is we should not e so much involved in current successes that we forget to plan the future risks. 1e must always e ready with a risk management plan. 5rganisation must undergo risk management in order to protect their usiness and asset from threats. In I! industry a weak password is a risk as there is a likelihood that a hacker might harm the industry y losing data secrecy. In software development we can have strategic risks like having a new competitor in the market, or financial risks like non'payment y a customer or client or we can have operational risks like theft of e6uipment or failure of hard drive etc. What is risk management plan? If you need water today, you should dig well yesterday&'5ld (hinese prover . Plan for the risk in the eginning and keep reviewing the plan throughout the project. Do all your risk management y meeting with the team and keep meeting them throughout the project. !he meeting not only helps the project manager to understand the technical difficulties ut also help him to further

improve the plans continuously in a way that is more suita le to the efficient working of the team. It actually diminishes the gap etween reality and ideal. "ccording to the famous prover $If you fail to plan then you are planning to fail.& /ut what goes into Risk Management Planning are as follows7 Planning ' It clearly shows that you have plans and vision of the future. 8ou must divide the project time into su categories. !he project must e su divided among the team with the specified time. 1e must inculcate the time for testing and many other critical factors. 1e must e ready for the fact the time will cross the deadline or any of the une2pected risk will cause pro lem. 1e must e ready for the worst thing to happen during project and have even ackup plans and alternatives availa le. Roles and responsi ilities'!he project must e divided among the team where each mem er must have a definite role. !he roles and responsi ilities must e decentralised and none should have a very ig say in the project in a way that he could possess a threat in completion of project and all work goes in vain. !he project manager must e known to the fact that e2actly how many mem ers are needed for which work, as if there is a fewer mem er then it will create a lot stress on the employee and if there is are large mem ers then it will slow down the progress rate ecause of miscommunication or gap and delay ecause the work has to e passed from a large num er of heads so the process ecomes time taking. "nd oth the cases are inefficient and undesira le. So there must e proper roles and responsi ilities. Risks Related to IT project !echnical 3nvironment' 3nvironment in I! industry is never sta ilise, one has to always find new ways to adapt to fit in the changing scenario. So, it ecomes very difficult for any mem er to set up his mind in such an environment. Information Security' It is very much necessary in the I! industry to secure the Data or program from getting leaked. Programming 9ogic' this is also a risk in I! industry as suppose a program is made with a logic that it supports ::: varia les. If there is more than ::: varia les then the program fails ecause of the programing logic. Infrastructure' It is also a risk that the infrastructure is ca le of supporting the growth. Many times the infrastructure is in sufficient to handle the growing num er of employees and hence project manager finds it difficult to accommodate all the mem ers with sufficient facilities. !echnology itself is a risk. Suppose tomorrow a new more eautiful language than ;"<" arrives or some ody develops a new ugs or virus in java coding .!hen whatever our work done in ;"<" ecomes o solete. So depending on only one language makes the company really suffer and it ecomes a ig threat. So the organisation must e fle2i le enough for multiple programming language and should e ready to welcome and adapt the newer technology. !echnical architecture should e made in a way that it can welcome the near future technology very easily. <olatile Re6uirements' the Re6uirements are changing continuously. 1henever marketing staff, customers and users recommend new features or demands

something new, whole working plans had to e changed. !he management in software companies actually never sta ilise ecause of fluctuating demands and changing working scenario. Poor planning' the plans made at software companies aim to shorten time to market interval y scheduling tasks in parallel using iterative and spiral techni6ues. !hese plans not only stress their employee and more pro a le to fail ut also demand more from the employees and many a times forces them to switch companies. "ll ecause of poor planning. Plans should e like a living document, iterating and evolving over time. How to identify Risks Since all the risks cannot e mitigated so it is very important to have a close monitoring over the risks is e2tremely important in order to control or manage the risks. Project manager must identify the places where the organi=ation is vulnera le to the risks y thinking what could happen in future. (reate an atmosphere where team mem ers are comforta le ringing up potential risks. "ll ideas should elong to the team and not to the individual. "nd including right people is also necessary otherwise all might come up with the risks which are not so much relevant to the company. /rain Storming' It is a group activity, it involves with people and ask each mem er of the team what risk they think can impact the company. "s they will e working on the project so it is very much necessary to know their views on risks they think of. Project Manager should encourage the team mem ers to share their views on the risk regarding the project, it helps to come up with thoughts that the project manager could never have thought of. So asking everyone is important to get many angle viewing of the project risks. It also helps in making the mem ers start thinking of the Risks and get a wider range of opinion on the su ject. Delphi method' It involves the e2pert advice who has done similar project earlier. "nd ask them how they have managed the use of new technology>s risks. 9ook at the surveys regarding the su ject matter and try to learn from the past as much as possi le. !he mistakes must not e repeated again and we must learn how to tackle with the risks. ?ilter which risks actually impact your company the most and which risks are more pro a le. "ll these will help you significantly to come up with a perfect plan. Interviews may e done with the different people face to face and tell them a out your project and ask them their opinion on what may go wrong. "s many views so many new plans and improvements. S15! "nalysis'it is analysing any scenario and study what are the strengths, weakness, and opportunities or threats associated with the project from any activity of the project. Root cause identification is also very important for solving any pro lem. If we catch hold of the root cause then we would e a le to solve the pro lem much earlier and smoothly. So it is advised to have a checklist analysis so that you can count all the possi le risks and threats so that you are ready for managing them. Identify the !rigger on time, we must o serve what is happening around. 1e must know the time of arising of pro lems and then try to find a pattern in them regarding time. ?or e2ample suppose a we site may crash during (hristmas, the

potential response may e to get additional andwidth from service provider and the root cause is that the we site is designed for only average visitor traffic during normal days. So if you fore see the pro lem then you will get the potential response efore anything wrong like crashing of the we site occurs. So if you are ac6uainted with the pro lem and have planned efore. !hen look for the trigger point to overcome the risk nothing wrong happens. !hat is the power of planning. What are the different ways to manage the Risks? Make sure that the information in the risk register is correct, a wrong data leads us to a wrong conclusion and e2amine carefully how likely risks are going to happen and how ad it will e if they do. It could e a financial impact or it could e an impact on the schedule. If it is a financial impact then o serve whether it is effecting ten percent of the udget or fifty percent of the udget. It is always good to e ready for any risk. Risk response can have many things involved. !he first and most simple way thing to deal with the risk is to just avoid it. !his is also called eliminate. It might look as the safest way ut this is not profita le in all cases. It is working on plans that the risks is less likely to occur or to repeat. !he second approach towards risk planning is mitigate, this is also known as reduction. In this approach towards risk response we take action that will cause little impact to the project. It just reduces the impact and not the pro a ility of occurring of risk. It makes the outcome less severe. ?or e2ample for the threat of spyware or malware we install antivirus software. 3ven we try to mitigate a lot of risks, it is practically not worth to your time and money to mitigate all the risks. Software companies uses a cost enefit analysis to determine whether a risk is worth mitigating or not. It is more concerned with the impact of the risks. !he third way of risk response is transfer, here you give someone a part of the profit in order to reduce the risk. !his is done y to pay someone to accept it for you. !he most common way is to outsource or to uy insurance. !ransfer helps in minimising the risks. !his is done y having an outside authority to handle the risk for you. !he fourth way to response to a risk is to accept when you do not do anything. 3ven when we accept the risk, at least you have looked at all the alternatives and know what will happen if it occurs. @S Department of Defence calls these four categories as "("!'"void, (ontrol, "ccept and !ransfer. Critical Success factors for effecti e Risk !anagement 5rgani=ation culture and organi=ation structure are a key factor for any risk management for an organi=ation. "s an organi=ation is investing a lot of money to come up with a product, there is always a risk of the product failing or launch ecomes unsuccessful. Structure means whether it is a ?lat structure or a hierarchy structure. In a flat structure it is very easy for anyone to give decisions immediately whereas any functioning in a hierarchy structure take a longer time ut a etter decision can e e2pected as it is eing reviewed many times. (ommunication and trust is also a critical factor for effective risk management as any organisation is made up of people and it cannot e productive unless they have trust on each other, their methodology and the Project Manager. "lso a

communication gap due to any reason uilds a igger pro lem and can even lead to failure of the project. "est #ractices in Risk !anagement Project manager must understand the * P>s of Software management i.e. A Processes, Products and People. If they are managed well a lot of risks are handled automatically. Recognise the good processes and add value. Making people use the process is a challenge and it can e resolved y making your process as the most preferred way of usiness. "dding value is only possi le when we use the process to learn from the oth positives and negatives. It is performance that makes or reaks the product from customer>s view. Planning must e done for risks. So there should e continuous product improvement going on ecause 6uality makes a difference etween your product and others in the market. People is the greatest asset of any company. So, it is always advised to reward your top performers and commit to a personal growth. Identify Risks in the earlier part of the project. Plan eforehand what pro lem could possi ly arise. ?or e2ample a computer can e affected y malware, spyware, theft or other hardware failure or even loss of internet connectivity. (ommunicate with the stakeholders a out the risks. /uild ridges through open communications. Simulate a free e2change of information across the organisation. ?or each risk there must e someone who is clearly responsi le, accounta le, consulted and then informed )R"(I0. Someone who has a plan for a risk, whom we can ask something if risk possess threats and consult what should e done in action and informed him if the risk happens. 1e need to understand the priority of the risks. Some of the risks might have a large impact ut it is very likely not to happen then we can give such a risk a lower priority. Strategies are not just important, Risk Management strategies must e implemented to get results. Maintain risk register throughout the project life cycle and do not forget a out residual and secondary risks. !ry to work on all the relevant risks where consider oth threats and opportunities. Common !istakes in Software !anagement #lans (hoose wisely the num er of person in any project. ?red /rooks mentioned this famous mistake as the $pregnant woman& mistake. "s a woman can have a a y in nine months does not mean that nine woman can have a a y in one month. !he idea is adding more and more people in a project does not means that the project will e completed 6uicker. !he mathematics does not works directly here. !his is ecause every person we add to the project also add friction to the project as well. In fact there e2ists a tripping point after which adding more person actually slows down the progress more than it speeds up things. 1e must e cautious in appointing num er of person to a project. Wrong $ata Interrelation

Many times, data are made to e interpreted according to our will. Such a Data does not give any useful meaning. So the organi=ation makes many wrong decisions ased on wrong metrics rather than right one due to convenience. It is very difficult to understand the num ers. ?or e2ample, In case of a B ug ticket> the helpdesk closes the ticket of things that are not actually fi2ed causing proliferation of tickets. !he organisation open as many as tickets as possi le and closes them as 6uickly as possi le in order to have a high resolution rate. !hus the metric it makes is actually unrelia le and should not e used y managers. Inappropriate time %oals 3ven if we account for the things that alter timelines or priorities, there is a very small pro a ility of things occurring on time as the manger has planned. So some e2tra time must e taken care so that it can e managed in case of time shortage. Projects must e divided into smaller component tasks in order to distri ute time all over the things including all tests and complete procedures, otherwise a vague description of time like two weeks often shorts as it does not involve sufficient time for all procedures. So make appropriate time goals to prevent deadlines from lowing away. #oor Communication " lot of mistrust arises ecause of the fact that usiness people does not know what is going inside the project. So the mangers do not feel a good control over the project. So the managers start forcing the project in a direction as they like. !his creates an atmosphere of stress and mistrust. So it is easier to mitigate the pro lem y communicating people the current stand of the project and informing the progress and the status of the project. Creating a wall of process " company is likely to have created a large num er of process in the way they work. Sometimes most simple changes even re6uires the re6uest form to e filled up, signed and countersigned y a lot of managers. !hese processes limits the smoothness of a project and makes the atmosphere as counterproductive and hostile. !ulti&Tasking !he more people are asked for multi'tasking, their performance ecomes poorer. !hey take longer time to finish their project. It is not a good idea to demand more from people. Demanding more from people makes them slow and makes them non'productive. 3ven in some cases it forces them to switch jo s.