Projects are prone to risks and software projects are no exception. Given the inherent nature of a software development life cycle (SDLC), exposure to risks is obvious. Throughout my career in the industry, handling different roles, my perceptions towards risks in a software project kept changing – ranging from a state of mind when I could hardly appreciate the need for the risk management efforts put in by my project managers to the present date, when I religiously believe none of the software projects can be executed successfully without an effective risk management plan and its implementation.

Risk Management with Due Diligence

Here are the risks that projects are exposed to:

  1. Stakeholders without clear vision and expectations from the project.
  2. Unrealistic project planning.
  3. Misconceptions due to either faulty narration or understanding of requirements.
  4. Low quality of development and testing.
  5. Ineffective implementation strategy.
  6. Loss of key team members.
  7. Inability of project managers to raise an alarm or to convince the stakeholders.
  8. False realisation of risk mitigation among project managers.
  9. Inability of organisations to maintain an archive of documents for lessons learnt from past projects.

These risks are the root causes of a number of consequences that contribute largely to a project going bad, for example scope creep, gaps in the knowledge base, schedule slippage, etc.

Here are the means to adopt to mitigate these risks:

  1. Embed risk management in the project and include it in project meetings and training of team members. Put emphasis on risk communication.
  2. Plan risk management and risk responses thoroughly.
  3. Focus on future scenarios in a project that might occur and identify risks early in a project. This enables a project manager to have adequate time left to handle unforeseen risks that occur.
  4. Work on a risk ownership module. Assign a team member per risk, who is to be held accountable if a risk is not addressed in a timely fashion on its occurrence.
  5. Do a risk analysis followed by prioritisation of risks on the basis of effect severity on the project execution.
  6. Document and register all risks to enable progress tracking.
  7. Ensure knowledge sharing so that no team member becomes sole owner of any block of the knowledge.
  8. Raise an alarm at the slightest possibility of a concern occurring, and take action.
  9. Lastly, archive all project documents as learning from the project.

Project managers need to be proactive and not reactive. Also, they need to realise that project management is an art and never a science. They have to depend on tools and methodologies to manage projects, but at the same time they have to be intuitive to be able to mitigate risks because, ironically, for the majority of projects the pre-identified major risks do not occur; instead, something unforeseen happens.