1.) Risk identification,
2.) Risk prioritization and
3.) Risk treatment
1.) Risk identification:- Risk identification is majorly dependent on the project scope.
It is often carried forward with different tools and methods such as:-
- Project objectives,
- Prior system knowledge,
- Knowledge of system design,
- Known industry practices,
- Prior customer complaints and
- Knowledge of system usage.
Example :An unstable system is tagged to be developed in future projects, this will be declared as a risk.
It is imperative to have proper documentation for risk involved and assessed in a project. It in turn will help project stakeholders to understand the impact of these risks to the project.
Developers and testers must revisit this list frequently as the project progress one step closer to deployment. This will help developers and testers to keep track of the risks if they still exist or if there are new risks that have appeared.
2.) Risk prioritization:- Risk prioritization means ranking the risks on how urgent and important it is to be addressed. To accomplish this task one must have a complete understanding of the risks.
Prioritization is often measured by:
- Risk impact
- Risk probability and
- Risk Magnitude
Risk Impact is usually measured by either money loss or a scale from 1 to 10. Risk Probability is ranked from 0 (no probability from occurring) or 1 (certain to occur). Risk Magnitude Combination of risk impact and risk probability .
3.) Risk Treatment:- Risk Treatment There are four ways of risk treatment :
- Risk avoidance
- Risk transfer
- Risk mitigation and
- Risk acceptance.
Risk avoidance we can postpone development of application components for a later release. But this would have a big impact. Risk transfer is done when we outsource the solution to another specialty company that has have the right resources to treat the risk. Risk mitigation is the most common of the above ways to treat a risk. It is often used by developers and testers as this has usually a low impact. Risk acceptance means that the risk was not treated in prior releases and it has to be accepted in the current release because there are no options to deal with it.