TOPIC NAME:RISK ANLYSIS AND

MANGMENT
Software project managment

SUBMITTED BY: Fawad khan

SUBMITTED TO:PROF Aminullah

SEMESTER: 7th

Roll NO#:1560034

4 OCTUBER
COMPUTER SCINCE
Risk:
Risk is the possibility of losing something of value. Values can be gained or lost when taking risk resulting from
a given action or inaction, foreseen or unforeseen. Risk can also be defined as the intentional interaction with
uncertainty.

Risk Analysis: Risk analysis is a technique used to identify and assess factors that may jeopardize
the success of a project or achieving a goal.
This technique also helps to define preventive measures to reduce the probability of these factors from occurring
and identify countermeasures to successfully deal with these constraints when they develop to avert possible
negative effects on the competitiveness of the company.
One of the more popular methods to perform a risk analysis in the computer field is called facilitated risk analysis
process (FRAP).

Facilitated risk analysis process:

FRAP analyzes one system, application or segment of business processes at a time.
FRAP assumes that additional efforts to develop precisely quantified risks are not cost effective because:

 such estimates are time consuming

 risk documentation becomes too voluminous for practical use
 specific loss estimates are generally not needed to determine if controls are needed.
 without assumptions there is little risk analysis
After identifying and categorizing risks, a team identifies the controls that could mitigate the risk. The decision for
what controls are needed lies with the business manager. The team's conclusions as to what risks exists and what
controls needed are documented along with a related action plan for control implementation.
Three of the most important risks a software company faces are: unexpected changes in revenue, unexpected
changes in costs from those budgeted and the amount of specialization of the software planned. Risks that affect
revenues can be: unanticipated competition, privacy, intellectual property right problems, and unit sales that are less
than forecast. Unexpected development costs also create risk that can be in the form of more rework than
anticipated, security holes, and privacy invasions. [1]
Narrow specialization of software with a large amount of research and development expenditures can lead to both
business and technological risks since specialization does not necessarily lead to lower unit costs of
software.[2] Combined with the decrease in the potential customer base, specialization risk can be significant for a
software firm. After probabilities of scenarios have been calculated with risk analysis, the process of risk
management can be applied to help manage the risk.
Methods like applied information economics add to and improve on risk analysis methods by introducing procedures
to adjust subjective probabilities, compute the value of additional information and to use the results in part of a
larger portfolio management problem.

RISK MANAGMENT:
Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and
economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events
or to maximize the realization of opportunities.
Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any
phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural
causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. There
are two types of events i.e. negative events can be classified as risks while positive events are classified as
opportunities. Several risk management standards have been developed including the Project Management
Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards. Methods,
definitions and goals vary widely according to whether the risk management method is in the context of project
management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health
and safety.
Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat,
reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and
even retaining some or all of the potential or actual consequences of a particular threat, and the opposites for
opportunities (uncertain future states with benefits).

What are the 5 Risk Management Steps in a Sound Risk Management Process:
As a project manager or team member, you manage risk on a daily basis; it’s one of the most important things
you do. If you learn how to apply a systematic risk management process, and put into action the core 5 risk
management process steps, then your projects will run more smoothly and be a positive experience for
everyone involved.
A common definition of risk is an uncertain event that if it occurs, can have a positive or negative effect on a
project’s goals. The potential for a risk to have a positive or negative effect is an important concept. Why?
Because it is natural to fall into the trap of thinking that risks have inherently negative effects. If you are also
open to those risks that create positive opportunities, you can make your project smarter, streamlined and
more profitable. Think of the adage –“Accept the inevitable and turn it to your advantage.” That is what you do
when you mine project risks to create opportunities.

Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not. Also, you may be
uncertain what its consequences would be if it did occur. Likelihood – the probability of an event occurring, and
consequence – the impact or outcome of an event, are the two components that characterize the magnitude of
the risk.

All risk management processes follow the same basic steps, although sometimes different jargon is used to
describe these steps. Together these 5 risk management process steps combine to deliver a simple and
effective risk management process.

Step 1: Identify the Risk. You and your team uncover, recognize and describe risks that might affect your
project or its outcomes. There are a number of techniques you can use to find project risks. During this step
you start to prepare your Project Risk Register.

Step 2: Analyze the risk. Once risks are identified you determine the likelihood and consequence of each risk.
You develop an understanding of the nature of the risk and its potential to affect project goals and objectives.
This information is also input to your Project Risk Register.

Step 3: Evaluate or Rank the Risk. You evaluate or rank the risk by determining the risk magnitude, which is
the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or
whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk
Register.

Step 4: Treat the Risk. This is also referred to as Risk Response Planning. During this step you assess your
highest ranked risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can
you minimize the probability of the negative risks as well as enhancing the opportunities? You create risk
mitigation strategies, preventive plans and contingency plans in this step. And you add the risk treatment
measures for the highest ranking or most serious risks to your Project Risk Register.

Step 5: Monitor and Review the risk. This is the step where you take your Project Risk Register and use it to
monitor, track and review risks.
Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your
project. And that means you can move much more confidently to achieve your project goals. By identifying and
managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden
opportunities discovered. The risk management process also helps to resolve problems when they occur,
because those problems have been envisaged, and plans to treat them have already been developed and
agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have
been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that
you minimize the impacts of project threats and capture the opportunities that occur.