| Importance of risk analysis in software projects can | | | | 4) Risks related to Software Engineering Process: |
| be judged from the fact that, no Software | | | | Clear cut definition of the entire process of software |
| Development Life Cycle is viewed as complete unless | | | | engineering is of paramount importance for the |
| it has passed through active consideration to areas | | | | success of the product. A badly planned process will |
| having several types of risks associated with them. | | | | result into a software product posing great threats to |
| The vulnerable areas covered under the process of | | | | itself as well as to the organization. |
| risk analysis are | | | | Following guidelines / checklist can be helpful in |
| 1) Assessment of Risk | | | | identifying the software engineering related threats |
| 2) Characterization of Risk | | | | & planning their counter measures. |
| 3) Communication of the Risk | | | | - Ensure the availability of a documented process |
| 4) Risk Management | | | | planned for the development of the software product. |
| 5) Defining the Risk Related Policies | | | | - Ensure that all the participants of the product |
| Following terms related to Risk Analysis need to be | | | | development team (whether in-house or third party |
| understood clearly | | | | peoples) is religiously following the documented |
| Let us try to understand as to what is Risk Analysis? | | | | process |
| It is a technique employed to identify and assess | | | | - Ensure the availability of a mechanism for monitoring |
| various factors, which may jeopardize the success of | | | | the activities & performance of third party |
| a project or achieving a goal. These factors can pose | | | | developers & testers, if any. |
| some sort of threat to the project. Thus risk analysis | | | | - Ensure the active participation of someone who can |
| covers the process of scientific assessment of such | | | | regularly monitor the technical reviews conducted by |
| threats vulnerable to the attainment of the | | | | the development teams as well as the testing teams. |
| organizational goals. | | | | - Ensure the proper documentation of outcome of the |
| Risk analysis technique is helpful in defining preventive | | | | technical reviews detailing the resources deployed to |
| measures to reduce the probability occurrence of such | | | | unearth what type of software bugs. |
| threatening factors. It includes identification of various | | | | - Ensure the availability of a configuration management |
| countermeasures to successfully deal with such | | | | mechanism for ensuring adequate consistency in |
| constraints with an objective to avoid devastating | | | | design, development and testing of the product in line |
| effects on the organization's competitiveness in the | | | | with the basic requirements already defined. |
| trade. | | | | - Ensure the availability of a mechanism to handle the |
| One of the risk analysis technique gaining popularity in | | | | changes in product requirements raised by the |
| IT sector is known as FRAP - (Facilitated Risk | | | | customer from time to time. Such system should be |
| Analysis Process) | | | | able to analyze the impact of such changes on the |
| What is Risk Assessment? | | | | software product |
| Risk assessment involves finding out the quantity and | | | | 5) Risks related to the Technology of Development: |
| quality of risk associated with a situation of known | | | | Many times technological factors also pose great |
| threat. It covers thorough evaluation of existing security | | | | threat to the success of the software product. |
| & environment related aspects with a view to | | | | Following guidelines / checklist can be helpful in |
| assess the probability of harmful effects of the threats | | | | identifying the technology related threats & |
| to the organization. Risk assessment is the first and | | | | planning their counter measures. |
| foremost step in a risk management process. | | | | - An absolutely new technology being used for building |
| What is Business Impact Analysis or BIA? | | | | the software application can be a threat to the |
| Business impact analysis refers to the process of | | | | organization. |
| finding out the functions critical to the operations of the | | | | - Unless proper interface is developed between the |
| organization. The outcome of business impact analysis | | | | software & hardware of some new |
| effort is having differentiation between critical and | | | | configurations, there can be a cause of threat. |
| non-critical functions in the organization. A function is | | | | - Unless function, performance and interface of the |
| viewed as critical when its implications are | | | | database system has been proven across the |
| unacceptable to the organization, or when it is dictated | | | | application area in question, there can be a cause of |
| by the law or demanded by the customer or having | | | | threat. |
| constraint of internal operations or having unacceptable | | | | - Requirement of some absolutely new or highly |
| financial implications. | | | | specialized interface as expected by the product can |
| What is Risk Management? | | | | also pose a threat |
| Risk management is a structured methodology of | | | | - Demand of some specialized requirements of |
| handling uncertainty associated with a threat. Risk | | | | particular type of design and testing tools and |
| management includes development of strategies to | | | | techniques can be a cause of concern or risk. |
| handle the risk either by | | | | - Too much of structured requirements imposed by |
| - Transfer of the risk to some other party | | | | the customer can a lot of pressure on the |
| - Taking actions so as to completely avoid the risk | | | | performance of the product |
| - Taking measures aimed at reducing the damaging | | | | - Inadequacy of productivity-related metrics and quality |
| effects of the inevitable risk | | | | related metrics available to the product development |
| - Taking decision to accept some or all of the | | | | teams can pose risk of emergence of poor quality |
| consequences of a particular risk. | | | | product |
| Few of the Risks associated with software product | | | | 6) Risks associated with development & Testing |
| are described as under: | | | | Tools: |
| 1) Risks related to the Size of the Product: | | | | Different types of development and testing tools can |
| The size of the software product also can pose | | | | also be a cause of concern many a times during the |
| threat when it gets subjected to unexpectedly high | | | | SDLC. |
| deviation compared to the expectations. As a best | | | | - Use of some typical methods for analysis can be a |
| practice, the expectations from the product are | | | | cause of concern. |
| compared with similar situations encountered in the | | | | - Use of some typical methodologies for |
| past & learning from the past happenings. | | | | documentation can be a cause of concern. |
| Some of the risks associated with the size of the | | | | - Use of some typical methods to design the test |
| software product can be: | | | | cases can be a cause of concern. |
| - Judgement on the size of the product can be a | | | | - Use of typical tools for managing the project |
| threat | | | | activities can be a cause of concern. |
| - Judgement on the number of users using the product | | | | - Use of particular tools for configuration management |
| can be a threat | | | | during the SDLC can be a cause of concern |
| - Judgement on the size of the associated database | | | | - Use of particular tools for prototyping purposes can |
| can be a threat | | | | be a cause of concern |
| - Uncontrolled changes in the product requirements can | | | | - Use of particular tools for providing support to the |
| be a threat to the product size | | | | software testing process can be a cause of concern |
| 2) Risks having Impact on the Business: | | | | - Use of particular tools for managing the |
| There are certain types of threats or risks, which can | | | | documentation can be a cause of concern |
| have effect on the performance of the business. Such | | | | 7) Risks related to the developmental Environment: |
| risks are like: | | | | Environment provided for development of the product |
| - Quality of the software product having an impact on | | | | also plays a key role in the success of the product. |
| revenue of the company. | | | | Some of the factors or situations described below can |
| - Product delivery dates having impact on the | | | | pose certain amount of risk. |
| company business, including costs of delayed delivery. | | | | - Availability of an adequate tool for the management |
| - Inconsistent customer needs having impact on the | | | | of the software product & its development |
| company business. | | | | processes. |
| - Drastic change in number of users expected to use | | | | - Availability of an adequate tool for performing design |
| the product having impact on the company business. | | | | and analysis activities. |
| - Inadequacy of help / documentation as expected by | | | | - Adequacy of performance of tools deployed for |
| the customer. | | | | design and analysis of the product being created |
| 3) Risks related to Customers: | | | | - Availability of a suitable code generators or compiler |
| Every customer has a different personality, so are | | | | compatible with the product being created |
| their needs. We can categorize customers in the | | | | - Availability of a suitable testing tools compatible with |
| following way according to their behavior & | | | | the product being created. |
| reaction to the product delivered to them. | | | | - Availability of a suitable configuration management |
| - Type of customers who happily accept a product as | | | | tools compatible with the product being created. |
| it is when delivered | | | | - Compatibility of the databases with the environment |
| - Type of customers who are of complaining nature | | | | under which they are deployed. |
| & usually tend to grumble on the quality of the | | | | - Compatibility or proper integration of all software |
| product delivered to them. Such customers pose a | | | | tools with each other |
| reasonable amount of threat to the project manager | | | | - Adequacy of skills / training to all concerned team |
| handling the project | | | | members as regards application of the tools. |
| - Type of customers who happen to have past | | | | 8) Risks related to the quality of development |
| association with the product developing company | | | | personnel: |
| - Type of customers who have good technical | | | | A product coming out of the hands of personnel of |
| knowledge of the product | | | | lower skill levels shall be certainly a cause of risk to the |
| - Type of customers who have fairly good | | | | organization. Following checklist shall be helpful in |
| understanding of the usage of the product | | | | bridging the gaps in this area. |
| - Type of customers who have a good understanding | | | | - Deployment of personnel having best possible skills |
| of process of software engineering | | | | appropriate to the project |
| - Type of customers who are ready to participate in | | | | - When in a team, proper combination of various |
| the process of reviews during the SDLC | | | | personnel with different temperament & skill levels |
| - Type of customers who are not much aware of the | | | | is important. |
| product & start using it as & when it comes | | | | - Availability of the nominated personnel during the |
| - Type of customers who are technically clear about | | | | complete duration of the project is of key importance. |
| their requirements / expectations from the product | | | | The project will get seriously affected If the persons |
| & are able to define the scope of the project | | | | leave in between, due to any reason. |
| clearly | | | | |