Project Risk Management.
Mr. Majid Hussain khalti, Mr. Nimat Ullah khattak.
What is risk?
Categories of risk.
What is risk management?
Importance of risk management.
How can we control risks in a project?
Risk is an uncertainty.
We don’t know whether a particular event will occur or
not, but if it does, it has a negative impact on a
Risk is the probability of suffering loss.
Risk provides an opportunity to develop a better
There is a difference between a problem and a risk:
a problem is an event which has already occurred, but
a risk is something that is unpredictable.
Risk can also be positive.
“The threat or possibility that an action or event will
adversely or beneficially affect an organization’s ability to
achieve its objectives.”
“An uncertain event or condition that, if it occurs, has a
positive or negative effect on a project’s objectives.”
1. Schedule Risk:
The project schedule slips for several reasons:
Wrong time estimation.
Resources are not tracked properly: all resources such as
staff, systems, skills of individuals, etc.
Failure to identify complex functionalities and time
required to develop those functionalities.
Unexpected project scope expansions.
2. Budget Risk:
Wrong budget estimation.
Project scope expansion
3. Operational Risks:
Risks of loss due to improper process implementation,
failed systems, or external events.
Causes of Operational risks:
Failure to address priority conflicts
Failure to resolve the responsibilities
No resource planning
No communication in team.
4. Technical risks:
Technical risks generally lead to failure of functionality
Causes of technical risks are:
Continuously changing requirements
No advanced technology available or the existing
technology is in initial stages.
Product is complex to implement.
Difficult project modules integration.
5. Programmatic Risks:
These are the external risks beyond the operational limits.
These are all the uncertain risks that are outside the
control of the program.
These external events can be:
Running out of funds.
Changing customer product strategy and priority
Government rule changes.
Risk type | Possible risks
Technology | The database used in the system cannot process as many transactions per second
 | Software components that should be reused contain defects that limit their
People | It is impossible to recruit staff with the skills required.
 | Key staff are ill and unavailable at critical times.
 | Required training for staff is not available.
Organisational | The organisation is restructured so that different management are responsible for
 | Organisational financial problems force reductions in the project budget.
Tools | The code generated by CASE tools is inefficient.
 | CASE tools cannot be integrated.
Requirements | Changes to requirements that require major design rework are proposed.
 | Customers fail to understand the impact of requirements changes.
Estimation | The time required to develop the software is underestimated.
 | The rate of defect repair is underestimated.
 | The size of the software is underestimated.
Some other examples of risks in the software process
Risk | Affects | Description
Staff turnover | Project | Experienced staff will leave the project before it is finished.
Management change | Project | There will be a change of organisational management with
Hardware unavailability | Project | Hardware that is essential for the project will not be delivered on schedule.
Requirements change | Project and | There will be a larger number of changes to the requirements than anticipated.
Specification delays | Project and | Specifications of essential interfaces are not available on
Size underestimate | Project and | The size of the system has been underestimated.
CASE tool under- | Product | CASE tools which support the project do not perform as
Technology change | Business | The underlying technology on which the system is built is superseded by new technology.
Product competition | Business | A competitive product is marketed before the system is
Project risk management is the art and science of
identifying, analyzing, and responding to risk
throughout the life of a project and in the best interests
of meeting project objectives
Risk management is an attempt to identify, to measure,
to monitor and to manage uncertainty.
Not only negative (ensuring that bad things are less
likely to happen), but also positive (making it more
likely that good things will happen).
The art of managing risks effectively, so that a
win-win situation and a friendly relationship are
established between the team and the customer, is
called Risk Management.
Risk Management is a software engineering practice
which provides a disciplined environment for proactive
Assess continuously what can go wrong (risks).
Determine what risks are important to deal with.
Implement strategies to deal with those risks.
It maximizes the probability and consequences of
positive events and minimizes the probability and
consequences of adverse events to project objectives.
The project should be managed in such a way that the
risks don’t affect the project in a big way.
The Risks we encounter in a project should be resolved
so that we are able to deliver the desired project to the
1. Planning risk management: deciding how to
approach and plan the risk management activities for
Roles and responsibilities
Budget and schedule
Risk probability and impact
Revised stakeholders’ tolerances
Output = “Risk management plan”.
2. Identifying risks: determining which risks are likely to
affect a project and documenting the characteristics of each
The Delphi Technique
Output = Risk Register
3. Performing qualitative risk analysis: prioritizing risks
based on their probability and impact of occurrence
The Top Ten Risk Item Tracking
4. Performing quantitative risk analysis: Numerically
estimating the effects of risks on project objectives
Decision tree analysis
5. Planning risk responses: Taking steps to enhance
opportunities and reduce threats to meeting project objectives
Strategies for negative Risks
Risk avoidance (continue whatever comes will be handled)
Risk acceptance (accept the risk due to unavailability of resources)
Risk transference (transfer risk to a 3rd
Risk mitigation (reducing the probability of the risk occurring)
Strategies for positive Risks
Risk exploitation (making sure the positive risk occurs, i.e. holding public
Risk sharing (partnership)
Risk enhancement (identifying and maximizing the key driver of
Risk acceptance (accept the bitterness, don’t try for best)
6. Monitoring and controlling risks: Monitoring identified
and residual risks, identifying new risks, carrying out risk
response plans, and evaluating the effectiveness of risk
strategies throughout the life of the project