I am sure most of you have been on a holiday with a travel agent. What made it good? Some of...
Risk Management in Software Engineering
- Risk management is an indispensable part of any successful software development project. Today we introduce a list of best practices for risk management in software development.
In fact, many a cautionary tale can be found online when you search for examples of bad risk management planning.
There’s the famous Wells Fargo fiasco, where the CEO admitted to not knowing about a major data breach until it had already scaled to a nation-wide crisis. And then there’s also the Panama canal failure, where engineers thought they knew how to build a marine passage through the depts of the jungle just because they’d previously drilled the Suez canal. The list of poor risk management examples goes on and on.
Point being – make sure that you’re not merely learning from your mistakes, but are also prepared for handling them in a timely manner when they do happen.
With this in mind, we’ve put together a list of best practices for risk management in software development. Whether you want to control risk on an internal project or are looking for a way to work with external contractors, follow the tips below to minimize the occurrence of software development disruptions.
Let’s get to it!
Risk management – software development best practices
#1. Create a list of potential risks on your project
You’ll likely be able to list down a couple of risks right from the top of your head. Others will require scrutinizing all aspects of the software you’re developing – perhaps, together with other members of your team who have more expertise.
Once you’ve listed all the potential risks, you should categorize them according to type. This is the first step you need to take to track risks throughout the entire project.
So, how do you categorize them best?
Ian Sommerville, a software engineering professor, and systems engineering researcher, suggests breaking them down into the following groups: technology, people, organizational, tools, requirements, and estimation.
You can read more about the categorization process in this great resource.
#2. Analyze the probability of each risk
Think of it this way:
If the risk were to turn into an actual problem, would it entirely halt software development, slow it down, or merely provoke a quick change here and there?
While you can find many prioritization methods online, one recommended way of ordering risks according to their potential impact is: catastrophic, serious, tolerable, and insignificant.
Once you’ve given an appropriate ‘grade’ to each risk, also make sure that you can easily sort them from most threatening at the top to those of trivial importance at the very bottom.
#3. Create an action plan for each risk you define
Do you know the saying “hoping for the best, but expecting the worst?”.
Sometimes, despite our best efforts to foresee and nip problems in the bud, we will have to take action.
Use the list of risks you’ve prepared and made sure you have a mitigation strategy listed down in case any of the risks turn into a burning problem. This way you’ll also be able to quickly onboard anyone else engaged in solving the issue.
We recommend that you create a spreadsheet that features the following columns:
- Potential risk description
- Risk likelihood (you can use the scale we mentioned above or a scale from 1–10)
- Owner of the subject
- Actions that need to be taken to reduce the risk
- Actions that need to be taken if the risk turns into a problem
- Future control measures (if the risk came into life, how it can be prevented in the future)
In most software development teams, it is the Project Manager’s or QA Specialist’s job to maintain and update such a file on an ongoing basis. Which leads us to…
#4. Develop a risk monitoring system
A lot can change over the course of your software development project.
A risk that you evaluate as highly unlikely on ‘day one’ can become quite probable over time.
It is recommended that you go through the list of risks regularly and make sure their impact on the project and their probability of happening are up-to-date.
In the end, risk management is only as good as your dedication to continuously analyze events and their impact on your software project.
#5. Create a knowledge base of crises that have taken place in the past
While all projects are different and require a custom risk management strategy, it doesn’t mean that you can’t draw inspiration from how crises were handled in the past.
It’s highly recommended that you create a knowledge base where you and your team can add tips and step-by-step strategies on handling obstacles. This way, if a problem arises, you’ll be able to cross-analyze your mitigation strategy against those that have proven effective in the past.
It will also make a great educational resource for anyone taking their first steps in software development risk planning (for ex. junior project managers).
Last, but not least…
#6. Promote openness among team members and with your contractors
If you want to develop a solid risk management strategy, you need to put honest communication at the forefront. This applies equally to internal and external projects.
Just think of the benefits!
If you’re a software development company, your entry-level project managers will be encouraged to reach out to seniors for guidance and mentoring. On the other hand, if you’re looking to work with external developers, creating clear communication guidelines for you and your contractors will give both sides the peace of mind.
Throughout your work together, if any party or a team member notices a reason for concern, these will be brought up early on. As a result, you’ll be able to discuss and resolve issues before they escalate.
Risk management is an indispensable part of any successful software development project.
It is highly recommended that you put in the work upfront and list, categorize, and create an action plan for each possible problem.
You must also keep in mind that nothing is ever set in stone, and circumstances may change relatively quickly on your software project. Make sure to reevaluate risks regularly so that you’re always aware of their potential impact and probability.
Last, but not least, promote open communication among your team members and between you and your contractors – this way no potential issues will go unaddressed.
Risk Management FAQ
Why is it worth preparing a risk management plan?
Even the best-planned work can go wrong. It's always worth being ready for unexpected situations in order to reduce losses and costs. Especially if other processes in the company depend on the effects of our work. A risk management plan is a necessity in large companies.
Who should manage risk?
Typically, risks are managed by senior managers. They have insight into all the processes that need to be taken into consideration. It can be a team leader, a director. Large companies have separate specialists to develop such plans.
How to make a crisis management plan?
First of all, you need to estimate the possible problems. If we try to create a list of risks, it will be easier to find potential solutions. Then you should create a list of people and actions to be taken if a particular scenario turns out to be true.
If you’re looking to outsource software development, there are essentially two pricing models you’ll come across in most software...