Chapter 8. Identifying and Managing Risks

Some projects never reach a successful conclusion because of failure to identify or mitigate specific risks. As software projects grow in size and complexity, project managers must be aggressive in identifying and dealing with these risks. This suggests that a comprehensive approach must be taken for each project.

To meet this challenge, I recommend taking a proactive approach to identifying the risks. On small to medium-sized projects, the project manager usually leads this effort. Large projects may have a dedicated risk manager role for this purpose.

Complicating any risk management strategy is the fact that risks can come from nearly any source. The following are some examples of sources of risk on an outsourced project:

• Technical risks. These risks are usually the easiest to identify and mitigate.

• Unknown risks. "You don't know what you don't know" is a common phrase that applies here.

• Political risks. These are perhaps the most difficult to identify and manage.

• Funding risks. Unexpected or unplanned changes in funding can easily derail a project.

• Business risks. If the project's success results in lost business, or the product reaches the marketplace too late, the project's success may result in a contractor's going out of business.

• Schedule and cost risks. I have placed these in the preceding category because they are very common risks and are closely related.

• Dependencies on external sources. This could be another contractor, a vendor, or any other external source providing a critical resource to the project.

This chapter discusses ways of identifying and managing these risks.