Concept: Risk
A risk is whatever may stand in the way of success and is currently unknown or uncertain. Usually, a risk is qualified by its probability of occurrence and its impact on the project if it occurs.
Main Description

What is a Risk?

In well-managed projects, many decisions are driven by risks, or more exactly by risk mitigation. You try to mitigate or tackle the most critical risks as early as possible in the project. To achieve this, you need a good grip on the risks the project faces, and clear strategies for mitigating or dealing with them.

In everyday life, a risk is an exposure to loss or injury; a factor, thing, element, or course involving uncertain danger. Similarly, in software development, a risk is something that can compromise the success of a project. Examples of potential sources of risk in software development are listed below (see [SEI99] for more details):

  • Requirements
  • Design
  • Development process
  • Work environment
  • Resources
  • Contract
  • Project interdependencies
  • etc.

Risks can be seen as opportunities. If there are benefits associated with an opportunity, then a certain degree of risk must be taken for a project to be successful [SEI99].

Risk Attributes

You can record as much information as you like or need about your risks. Below is a list of common risk attributes.

  • Risk Description: A description of the risk detailing the impact on the project if this risk becomes a problem (i.e. it becomes a reality).
  • Risk Type: Used to classify the risk as:
    • Direct risk: a risk that the project has a large degree of control over.
    • Indirect risk: a risk with little or no project control.
  • Risk Probability (of occurrence): How likely it is that this risk will become a problem or an issue. This is usually represented as a scale of values (for example: High, Medium, Low).
  • Risk Impact (level): If this risk becomes a problem, what the impact on the project will be. This is not the actual description of the impact but the level of impact. Like the risk probability, it is usually represented as a scale. This attribute is also sometimes called the severity of the risk.
  • Risk Magnitude: To be able to rank risks and to define which ones need to be mitigated first, the Risk Probability and Risk Impact attributes are often combined in a single Risk Magnitude indicator, represented as a scale similar to those of the combined attributes.