Project risk is not a new word in the Software Development world. Every software development project contains elements of uncertainty e.g: budget, resource, deadline, scope, technology etc, this is known as project risk.
It’s not enough just to be aware of the risk but the success of a software development project depends on how you have taken the proactive actions on it and how you have mitigated the risks, otherwise it can lead projects to terminations, discontinuities, schedule delays, over budget, and overrun of project resources.
Risk management means identifying risks, jotting down the risks, and actions on mitigation. There are few things that need to be considered first.
- Identifying the risks
- Classify and prioritize all risks
- Craft a plan that links each risk to a mitigation
- Monitoring the risk triggers during the project
- Implement the mitigating plan / action if any risk materializes
- Communicate risk status throughout project
How to calculate Risk Exposure
To make it more visible to everyone and better analyze, you can follow a proven tool with the following attributes:
Possible Risks – details of the risk
Areas of Risks – classification of the risk
Risk Probability – probability that the risk will materialize (0 < 50%, 50%, 50 > 100%)
Risk Impact – probable impact on the project if the risk materializes
Risk Exposure – probable loss size (hours / day / week)
Impact Area – possible common areas (time, budget, quality)
Risk Outcome – risk status or outcome due to the impact
Recognition Date – when identified and acknowledged the risk.
Risk Neutralized – its mitigating options which includes
- Accept: acknowledge that a risk is impacting the project. Make a decision to accept the risk without any changes to the project. Manager, project manager, and finance department approval is mandatory here.
- Avoid: adjust project scope, schedule, or constraints to minimize the effects of the risk.
- Control: take action to minimize the impact.
- Transfer: implement an organizational shift in accountability, responsibility, or authority to other stakeholders that will accept the risk.
- Continue Monitoring
Risk neutralized date – date when risk has been neutralized
Owner – owner of the risk who plan and take action
Comment – comment with details
Risk exposure calculation example
Risk exposure is comprised of two independent variables:
- Risk Probability
- Risk Impact
Here is the formula to calculate:
Risk Exposure = Risk Probability (%) x Risk Impact (hours, day, week)
Let’s look at a simple example. In this case, we will use the risk that we have planned to develop a custom wordpress plugin within 60 hours and we have to deliver it within 8 days considering one full time resource (7.5 hours) but assuming that we may not get that resource for full time due to some urgency to another project, in that probable case we will be able to utilize that resource each day for half day (3.75 hours/day).
Then the intensity of this probability will be = Medium (50%)
Then the total impact will be = estimated hours / resource available hours to work on this project
= 60 / 3.75
= 16 days
Risk Exposure Rating = 50% Probability x 16 days Impact = 8 days risk exposure
That means we need additional 8 days to complete this project with half day resource availability.
Be proactive in identifying the risks from the lead phase to proposal phase. Even if you mitigate all the risks and there are no risks, the middle of a project, end of a project, or anytime, uncertain risks can arise, so you have to follow the same process again. So monitoring and crafting a proper plan and communicating to mitigate the risks are important.