RISK MANAGEMENT
EXPECT THE UNEXPECTED!
RISK
What is it? A risk is a potential problem for a software project—it might
happen, it might not. But, regardless of the outcome, it’s a really good idea to
identify it, assess its probability of occurrence, estimate its impact, and establish
a contingency plan.
It can also be defined as “an uncertainty that can positively or negatively impact project objectives.”
A risk is an unforeseen event: there is some probability that an adverse circumstance will occur.
Project risks affect schedule or resources
Product risks affect the quality or performance of the software being developed
Business risks affect the organisation developing or procuring the software
Who does it? Everyone involved in the software process— managers, software
engineers, and other stakeholders—participates in risk analysis and
management.
IMPORTANCE
Understanding the risks—and taking proactive measures to avoid or manage them—is a key element of good software project management.
A project without a risk management plan can find itself in serious
trouble that could have been avoided if the project team had
addressed its development risks more systematically and followed
its plans.
IMPORTANCE OF RISK MANAGEMENT
IT projects face high risks due to:
• Rapidly changing technologies.
• Ambiguous user requirements.
• Complex integrations.
Effective risk management improves:
• Project success rates.
• Stakeholder confidence.
• Cost and time efficiency.
EXAMPLE
Project failures due to poor risk management:
A. Space Shuttle Challenger Disaster (1986)
B. Intel Pentium Processor Bug (1994)
TYPES OF RISKS
There are various types of risks associated with software projects. Here are some
common categories of risks:
Technical Risks: These risks are related to technical aspects of the software
development process. They may include challenges with software architecture,
integration issues, performance bottlenecks, compatibility problems, and
scalability concerns.
Requirements Risks: Risks in this category arise from unclear, incomplete, or
changing requirements. These risks can lead to scope creep, misunderstandings,
and conflicts among stakeholders, impacting project timelines and deliverables.
Schedule and Resource Risks: Risks associated with project schedules and
resource allocation involve factors such as unrealistic deadlines, inadequate
resource planning, skill gaps, and unexpected changes in resource availability.
These risks can result in project delays, overburdened team members, and
compromised quality.
Organizational Risks: Organizational risks stem from factors within the
organization itself, including poor communication, ineffective project management,
lack of stakeholder involvement, and inadequate governance. These risks can
hinder collaboration, decision-making, and overall project success.
Financial Risks: Financial risks involve budget overruns, cost estimation errors,
unexpected expenses, and changes in funding or financial circumstances. Failure to
manage these risks can impact the project's financial viability and the
organization's financial stability.
External Risks: External risks are associated with factors outside the
organization's control, such as changes in regulations, market conditions,
technological advancements, and third-party dependencies. These risks can
introduce uncertainties and challenges that impact project delivery.
INTRODUCTION TO RISK MANAGEMENT
Project Risk Management
Processes for identifying, analyzing, and responding to risks.
Goal: Maximize positive risks (opportunities) and minimize negative risks (threats).
More concisely:
“Project Risk Management is the process of identifying, analyzing, and responding to project risks to minimize negative outcomes and maximize opportunities.”
◦ Software risk management is the process of identifying, assessing, and
mitigating risks associated with software development and maintenance of
projects.
◦ It involves systematically identifying potential risks, analyzing their impact
and likelihood, and developing strategies to minimize or eliminate them.
THERE ARE SIX MAJOR PROCESSES OF PROJECT RISK MANAGEMENT:
Planning Risk Management
Identifying Risks
Performing Qualitative Risk Analysis
Performing Quantitative Risk Analysis
Planning Risk Responses
Controlling Risks
KNOWLEDGE AREA TO PROCESS MAPPING
PLAN RISK MANAGEMENT
Plan Risk Management is the process of defining how to conduct risk
management activities for a project.
Inputs:
I. Project Scope Statement
II. Cost Management plan
III. Schedule Management plan
IV. Communication Management plan
V. Enterprise Environmental Factors
VI. Organizational Process Assets
Tools and Techniques:
I. Data Analysis
II. Meetings
Outputs:
I. Risk management plan
EXAMPLE OF RISK BREAKDOWN STRUCTURE
IDENTIFY RISKS
Identify Risks is the process of determining which risks may affect the project and documenting their characteristics.
Inputs:
I. Risk management plan
II. Activity cost estimates
III. Agreement
IV. Organizational process assets
V. Project Documents
Tools and Techniques:
I. Data gathering
II. Prompt List
Outputs:
I. Risk register
PERFORM QUALITATIVE RISK ANALYSIS
Perform Qualitative Risk Analysis is the process of prioritizing risks for further analysis by combining their probability of occurrence and their impact.
Inputs:
I. Risk Register
II. Risk Management Plan
III. Project Scope Statement
IV. Organizational Process Assets
Tools and Techniques:
I. Risk Probability and impact assessment
II. Probability and impact matrix
III. Risk data quality assessment
IV. Risk categorization
V. Expert judgement
Outputs:
I. Risk register updates
RISK PROBABILITY AND IMPACT ASSESSMENT
Assess risk by:
Probability : Likelihood of occurrence
Impact : Effect on project objectives
Probability and impact matrix (figure): rows are Probability (High, Medium, Low), columns are Impact (High, Medium, Low); risk1 through risk12 are plotted in the cells according to their ratings.
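Added example, not from the slides: the probability and impact matrix above built in Python for the MediTrack+ case-study risks, with constructed High/Medium/Low ratings; each risk gets a P × I score on a 1 to 3 ordinal scale, lands in one of the nine cells, and is ranked for further analysis.

```python
"""Qualitative risk analysis: 3x3 probability/impact matrix (added example, ratings constructed)."""
from dataclasses import dataclass
from itertools import product

LEVELS = ("High", "Medium", "Low")          # axis order used on the slide
SCORE = {"High": 3, "Medium": 2, "Low": 1}  # ordinal score per rating

@dataclass(frozen=True)
class Risk:
    name: str
    probability: str   # "High" | "Medium" | "Low"
    impact: str        # "High" | "Medium" | "Low"
    def score(self) -> int:
        # P x I on the ordinal scale: 1 (Low/Low) up to 9 (High/High)
        return SCORE[self.probability] * SCORE[self.impact]

def priority(risk: Risk) -> str:
    s = risk.score()
    return "High" if s >= 6 else "Medium" if s >= 3 else "Low"  # 6-9 High, 3-4 Medium, 1-2 Low

def build_matrix(risks):
    """Return {(probability, impact): [risk names]} for all nine cells."""
    grid = {cell: [] for cell in product(LEVELS, LEVELS)}
    for r in risks:
        if r.probability not in SCORE or r.impact not in SCORE:
            raise ValueError(f"{r.name}: ratings must be High, Medium or Low")
        grid[(r.probability, r.impact)].append(r.name)
    return grid

def rank(risks):
    """Order for further analysis: highest score first, ties broken by name."""
    return sorted(risks, key=lambda r: (-r.score(), r.name))

# Constructed register for the MediTrack+ case study; the ratings are assumptions.
REGISTER = [
    Risk("Security", "Medium", "High"),
    Risk("Regulatory", "Medium", "High"),
    Risk("Technical", "High", "Medium"),
    Risk("Schedule", "High", "High"),
    Risk("Operational", "Medium", "Medium"),
    Risk("Resource", "Medium", "Medium"),
    Risk("Market", "Low", "Medium"),
]

if __name__ == "__main__":
    grid = build_matrix(REGISTER)
    for p in LEVELS:   # print the grid row by row, impact High/Medium/Low left to right
        cells = [",".join(grid[(p, i)]) or "-" for i in LEVELS]
        print(f"P={p:<6} | " + " | ".join(f"{c:<20}" for c in cells))
    for r in rank(REGISTER):
        print(f"{r.name:<12} score={r.score()} priority={priority(r)}")
```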
PERFORM QUANTITATIVE RISK ANALYSIS
Perform Quantitative Risk Analysis is the process of numerically analyzing the effects of the analyzed risks on the project objectives. It provides a quantitative approach to decision making when risks are involved.
PERFORMING QUANTITATIVE RISK ANALYSIS
TOOLS AND TECHNIQUES
Data Gathering & Representation:
• Interviewing: Expert insights for estimating risks.
• Historical Data: Use past projects to predict outcomes.
Quantitative Risk Modeling:
• Monte Carlo Simulation: Simulates multiple scenarios to predict
outcomes.
• Decision Tree Analysis: Models decisions, assigning probabilities and
values.
• Sensitivity Analysis: Identifies key risks with the highest impact.
Expected Monetary Value (EMV):
• Formula: EMV = Probability × Impact
• Example: 20% chance of risk, $50,000 impact = $10,000 EMV.
EXPECTED MONETARY VALUE (EMV) DECISION TREES
PERFORM QUANTITATIVE RISK ANALYSIS: DECISION TREES
Decision tree notation (figure): decision node, chance node, end of branch.
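Added example, not part of the slides: the EMV formula applied to the slide's 20% / $50,000 case, and a decision tree evaluated by folding chance-node EMVs back to each decision node and taking the best option there. The buy-vs-build tree, its costs, payoffs and probabilities are constructed for illustration.

```python
"""EMV of a single risk and of a small decision tree (added example; all values constructed)."""
from dataclasses import dataclass
from typing import List, Tuple

def emv(probability: float, impact: float) -> float:
    """EMV = probability x impact, as on the slide."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    return probability * impact

@dataclass
class Outcome:              # end of a branch: the value realised there
    label: str
    value: float

@dataclass
class Chance:               # chance node: probability-weighted branches
    label: str
    branches: List[Tuple[float, object]]        # (probability, child node)

@dataclass
class Decision:             # decision node: pick the option with the best EMV
    label: str
    options: List[Tuple[str, float, object]]    # (option, cost, child node)

def evaluate(node) -> float:
    """Fold the tree from the leaves back to the root (backward induction)."""
    if isinstance(node, Outcome):
        return node.value
    if isinstance(node, Chance):
        total = sum(p for p, _ in node.branches)
        if abs(total - 1.0) > 1e-9:
            raise ValueError(f"{node.label}: probabilities sum to {total}, not 1")
        return sum(p * evaluate(child) for p, child in node.branches)
    # Decision: each option's EMV is the EMV of what follows minus its cost
    return max(evaluate(child) - cost for _, cost, child in node.options)

def best_option(node: Decision) -> str:
    return max(node.options, key=lambda o: evaluate(o[2]) - o[1])[0]

# Constructed case: license a wearable SDK vs build the integration in house.
TREE = Decision("Wearable integration", [
    ("Buy SDK", 30_000, Chance("Vendor delivers", [(0.9, Outcome("On time", 200_000)),
                                                  (0.1, Outcome("Late", 120_000))])),
    ("Build in house", 10_000, Chance("Integration works", [(0.6, Outcome("On time", 200_000)),
                                                           (0.4, Outcome("Late", 90_000))])),
])

if __name__ == "__main__":
    print(emv(0.20, 50_000))                   # the slide's example
    print(best_option(TREE), evaluate(TREE))   # option with the highest EMV, and that EMV
```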
PLAN RISK RESPONSES
The process of developing options and actions for opportunities and threats.
Inputs:
I. Risk Register
II. Risk Management Plan
Tools and Techniques:
I. Contingency Response Strategies
Outputs:
I. Risk register updates
II. Risk related contracts
III. Project management updates
IV. Project document update
Strategies for Negative Risk
Avoidance: Eliminate the risk
Mitigation: Reduce probability or impact
Acceptance: Acknowledge risk with no action
Transfer: Shift risk to another party (e.g., insurance)
Strategies for Positive Risk
Exploit: Ensure the opportunity occurs
Share: Partner to enhance the chance of success
Enhance: Increase probability or impact
CONTROL RISKS
Monitor and adjust risk responses
Update risk register regularly
Track performance through:
Risk audits
Variance and trend analysis
Communicate changes to stakeholders
TOOLS AND TECHNIQUES
Risk Register: Document containing identified risks, their assessments,
and planned responses.
Risk Breakdown Structure (RBS): Categorizes risks into a hierarchy.
Software Tools: Risk tracking and simulations.
CONCLUSION
Risk management isn’t just a task—it’s a mindset. By
transforming uncertainties into opportunities, teams pave
the way for success.
Quote:
“Failing to plan is planning to fail.”
Key Takeaways:
Risk management is integral to project success.
Proactive identification and planning minimize disruptions.
Continuous monitoring ensures effective risk response.
With the right tools and approach, risks become stepping
CASE STUDY
Scenario:
A health-tech startup is developing "MediTrack+", a cross-platform
(iOS/Android) mobile app that allows users to track their chronic health
conditions (e.g., diabetes, hypertension, asthma). The app enables users
to log daily vitals, receive medication reminders, share health reports with
doctors, and get AI-generated health insights.
The team also aims to integrate with wearable devices (like Fitbit, Apple
Watch) and support telemedicine chat/video consultations through
third-party APIs.
Key Details:
• Team Composition: 7 people — 4 developers, 1 product manager, 1 UI/UX
designer, 1 part-time medical advisor.
• Target Launch: 9 months from project start.
• Key Features:
• Daily health tracking (blood pressure, glucose, heart rate, etc.).
• Smart medication reminders and refill alerts.
• AI-based health insights from user data trends.
• Doctor-patient messaging and video consults (via third-party API).
• PDF report generation for medical check-ups.
• Data sync with wearables and cloud backup.
Challenges:
No previous healthcare app experience.
Requires HIPAA/GDPR compliance.
Must implement secure authentication and encryption.
Budget constraints: limited testing devices, minimal marketing.
Planning to launch a closed beta in 5 months.
Risk Type | Examples | Justification
Technical | Wearable device integration; AI health insights | Integrating with multiple wearable APIs can be complex. Ensuring accurate AI recommendations requires data quality and medical validation.
Schedule | 5-month beta, 9-month full launch | Tight timeline for a healthcare app with compliance and security constraints.
Security | Data privacy, secure messaging, authentication | Medical data is sensitive; the app must ensure encryption, secure login (2FA), and data protection.
Regulatory | HIPAA/GDPR compliance | Legal consequences for mishandling data. Requires thorough documentation and audits.
Operational | Lack of healthcare domain experience | Developers may misinterpret medical needs or standards. The part-time advisor may not be enough.
Resource | Small team, budget constraints | Limited testing devices, minimal QA budget, and small dev team may delay feature completion.
Market | Competing with established apps | Competing against major players (e.g., MyChart, Apple Health) requires unique value or partnerships.