Software Risk Management

Any development project may have risks. If we pay attention to risks in advance and prevent them, we can minimize the risk. Risk management is one of the effective measures we can adopt.

Risk management requires our management personnel to make decisions when the information is incomplete. The Mode usually consists of three steps:

Risk identification, risk impact analysis, and risk response plan.

Note: Read PMBOK-related books for details.

1. Risk Classification

Based on the risk content, we can divide the risks into project risks (Cost Improvement, time extension, etc.), Technical Risks (immature technology, etc.), commercial risks (sales issues, etc), strategic risks (the company's business strategy has changed), management risks (whether the company's management personnel are mature, etc.), budget risks (whether the budget is accurate, etc.

In addition, we can divide risks into known risks (such as employee resignation), predictable risks (which may be risky from past experiences), and unpredictable risks.

2. Risk Identification

An Effective Method for risk identification is to establish a risk project checklist. It mainly involves the following checks:
. Product scale risk check
. Business impact risk check
. Customer-related risk check
. Process risk check
. Technical risk check
. Development Environment Risk check
. Risk checks related to personnel models and experiences

3. Risk assessment

Risk assessment mainly involves the following seven aspects:
. Likelihood of occurrence
. Result (IMPACT)
. Establish a scale to indicate the likelihood of risks (for example, extremely rare, rare, common, possible, and extremely possible)
. Describe the consequences
. Estimated impact on products and projects
. Determine the correctness of risk assessment
. Limited queue Scheduling Based on impact

In addition, the performance, scope, and time of each risk should be judged as accurately as possible.

4. Risk assessment

Risk evaluation is based on three factors: Risk Description, risk probability, and risk impact. The risks are evaluated in terms of cost, progress, and performance. Determine the Project STOP point and conduct another risk assessment at the stop point.

5. Risk Control and Monitoring

Risk Control and Monitoring mainly rely on the experience of managers. For example, a developer may leave the company at a probability of 0.7, which may affect the project after leaving the company. The risk control and monitoring policies are as follows:

. Negotiate with in-service personnel to determine the reason for the flow.
. Before the project starts, include the work related to these flow causes in the risk control plan.
. At the beginning of the project, good people are ready to move and some measures are taken to ensure that the project can continue once the personnel leave.
. Develop document standards and establish a mechanism to ensure that documents are generated in a timely manner.
. Conduct a detailed review of all the work, so that more people can complete their work as planned.
. Train reserve personnel for each critical technical personnel.

After considering the risk cost, decide whether to adopt the above strategy.