Understanding of Risk Analysis in Software Engineering
Importance of risk analysis in software projects can be judged from the fact that, no Software Development Life Cycle is viewed as complete unless it has passed through active consideration to areas having several types of risks associated with them.
The vulnerable areas covered under the process of risk analysis are
1) Assessment of Risk
2) Characterization of Risk
3) Communication of the Risk
4) Risk Management
5) Defining the Risk Related Policies
Following terms related to Risk Analysis need to be understood clearly
Let us try to understand as to what is Risk Analysis?
It is a technique employed to identify and assess various factors, which may jeopardize the success of a project or achieving a goal. These factors can pose some sort of threat to the project. Thus risk analysis covers the process of scientific assessment of such threats vulnerable to the attainment of the organizational goals.
Risk analysis technique is helpful in defining preventive measures to reduce the probability occurrence of such threatening factors. It includes identification of various countermeasures to successfully deal with such constraints with an objective to avoid devastating effects on the organization's competitiveness in the trade.
One of the risk analysis technique gaining popularity in IT sector is known as FRAP – (Facilitated Risk Analysis Process)
What is Risk Assessment?
Risk assessment involves finding out the quantity and quality of risk associated with a situation of known threat. It covers thorough evaluation of existing security & environment related aspects with a view to assess the probability of harmful effects of the threats to the organization. Risk assessment is the first and foremost step in a risk management process.
What is Business Impact Analysis or BIA?
Business impact analysis refers to the process of finding out the functions critical to the operations of the organization. The outcome of business impact analysis effort is having differentiation between critical and non-critical functions in the organization. A function is viewed as critical when its implications are unacceptable to the organization, or when it is dictated by the law or demanded by the customer or having constraint of internal operations or having unacceptable financial implications.
What is Risk Management?
Risk management is a structured methodology of handling uncertainty associated with a threat. Risk management includes development of strategies to handle the risk either by
– Transfer of the risk to some other party
– Taking actions so as to completely avoid the risk
– Taking measures aimed at reducing the damaging effects of the inevitable risk
– Taking decision to accept some or all of the consequences of a particular risk.
Few of the Risks associated with software product are described as under:
1) Risks related to the Size of the Product:
The size of the software product also can pose threat when it gets subjected to unexpectedly high deviation compared to the expectations. As a best practice, the expectations from the product are compared with similar situations encountered in the past & learning from the past happenings.
Some of the risks associated with the size of the software product can be:
– Judgement on the size of the product can be a threat
– Judgement on the number of users using the product can be a threat
– Judgement on the size of the associated database can be a threat
– Uncontrolled changes in the product requirements can be a threat to the product size
2) Risks having Impact on the Business:
There are certain types of threats or risks, which can have effect on the performance of the business. Such risks are like:
– Quality of the software product having an impact on revenue of the company.
– Product delivery dates having impact on the company business, including costs of delayed delivery.
– Inconsistent customer needs having impact on the company business.
– Drastic change in number of users expected to use the product having impact on the company business.
– Inadequacy of help / documentation as expected by the customer.
3) Risks related to Customers:
Every customer has a different personality, so are their needs. We can categorize customers in the following way according to their behavior & reaction to the product delivered to them.
– Type of customers who happily accept a product as it is when delivered
– Type of customers who are of complaining nature & usually tend to grumble on the quality of the product delivered to them. Such customers pose a reasonable amount of threat to the project manager handling the project
– Type of customers who happen to have past association with the product developing company
– Type of customers who have good technical knowledge of the product
– Type of customers who have fairly good understanding of the usage of the product
– Type of customers who have a good understanding of process of software engineering
– Type of customers who are ready to participate in the process of reviews during the SDLC
– Type of customers who are not much aware of the product & start using it as & when it comes
– Type of customers who are technically clear about their requirements / expectations from the product & are able to define the scope of the project clearly
4) Risks related to Software Engineering Process:
Clear cut definition of the entire process of software engineering is of paramount importance for the success of the product. A badly planned process will result into a software product posing great threats to itself as well as to the organization.
Following guidelines / checklist can be helpful in identifying the software engineering related threats & planning their counter measures.
– Ensure the availability of a documented process planned for the development of the software product.
– Ensure that all the participants of the product development team (whether in-house or third party peoples) is religiously following the documented process
– Ensure the availability of a mechanism for monitoring the activities & performance of third party developers & testers, if any.
– Ensure the active participation of someone who can regularly monitor the technical reviews conducted by the development teams as well as the testing teams.
– Ensure the proper documentation of outcome of the technical reviews detailing the resources deployed to unearth what type of software bugs.
– Ensure the availability of a configuration management mechanism for ensuring adequate consistency in design, development and testing of the product in line with the basic requirements already defined.
– Ensure the availability of a mechanism to handle the changes in product requirements raised by the customer from time to time. Such system should be able to analyze the impact of such changes on the software product
5) Risks related to the Technology of Development:
Many times technological factors also pose great threat to the success of the software product. Following guidelines / checklist can be helpful in identifying the technology related threats & planning their counter measures.
– An absolutely new technology being used for building the software application can be a threat to the organization.
– Unless proper interface is developed between the software & hardware of some new configurations, there can be a cause of threat.
– Unless function, performance and interface of the database system has been proven across the application area in question, there can be a cause of threat.
– Requirement of some absolutely new or highly specialized interface as expected by the product can also pose a threat
– Demand of some specialized requirements of particular type of design and testing tools and techniques can be a cause of concern or risk.
– Too much of structured requirements imposed by the customer can a lot of pressure on the performance of the product
– Inadequacy of productivity-related metrics and quality related metrics available to the product development teams can pose risk of emergence of poor quality product
6) Risks associated with development & Testing Tools:
Different types of development and testing tools can also be a cause of concern many a times during the SDLC.
– Use of some typical methods for analysis can be a cause of concern.
– Use of some typical methodologies for documentation can be a cause of concern.
– Use of some typical methods to design the test cases can be a cause of concern.
– Use of typical tools for managing the project activities can be a cause of concern.
– Use of particular tools for configuration management during the SDLC can be a cause of concern
– Use of particular tools for prototyping purposes can be a cause of concern
– Use of particular tools for providing support to the software testing process can be a cause of concern
– Use of particular tools for managing the documentation can be a cause of concern
7) Risks related to the developmental Environment:
Environment provided for development of the product also plays a key role in the success of the product. Some of the factors or situations described below can pose certain amount of risk.
– Availability of an adequate tool for the management of the software product & its development processes.
– Availability of an adequate tool for performing design and analysis activities.
– Adequacy of performance of tools deployed for design and analysis of the product being created
– Availability of a suitable code generators or compiler compatible with the product being created
– Availability of a suitable testing tools compatible with the product being created.
– Availability of a suitable configuration management tools compatible with the product being created.
– Compatibility of the databases with the environment under which they are deployed.
– Compatibility or proper integration of all software tools with each other
– Adequacy of skills / training to all concerned team members as regards application of the tools.
8) Risks related to the quality of development personnel:
A product coming out of the hands of personnel of lower skill levels shall be certainly a cause of risk to the organization. Following checklist shall be helpful in bridging the gaps in this area.
– Deployment of personnel having best possible skills appropriate to the project
– When in a team, proper combination of various personnel with different temperament & skill levels is important.
– Availability of the nominated personnel during the complete duration of the project is of key importance. The project will get seriously affected If the persons leave in between, due to any reason.