Each project has risk and managing risk tactically is crucial for your project success. In this blog I would like to share my experience of risk management I have done in Fix bid project I have executed recently.

Project Description: Front-end application development using Angular 4. Project Contract was fix bid.
All the fix bid project timeline and cost is based on estimates. So it is very important that you validate the estimate given by pre-sales team before starting the development work.

The biggest risk in fix price software development project is related to scope changes, schedule slippage and cost overrun. Working on new technology is also biggest challenges and introduce many risks.

There was the resource related risk when you execute the project in Angular 4 technologies. I don’t had any developer who has hands-on experience in Angular 4. Angular 4 was recently released and nobody in my team has any previous experience. Few team members had some experience in Angular 1.5. But fact of the life is there is vast difference between Angular JS 1.5 and Angular 4. Angular 4 is completely rewritten and its again new world for Angular JS 1.5 developer. This was the real challenge.

Technical Risk: To add to the complexity client wanted to use Material Design, which is the cutting edge new technology but not stable. There are more than 400 issues are open on his official website. There is no documentation and help is available. Even there is not much resources available on internet which give us proper demo.

Quality Risk: On top of it client wanted us to ensure the 95% code coverage using automated unit testing framework like Jasmin and Karma.

External Risk: API’s were not available so development team has to write mock api’s.

Scope Risk: Client has provided us visual designs but that visual design itself is evolving in nature. Requirement was not freeze and not documented anywhere.

Isn’t it sound challenging?

Let’s see how many risk are involved here and how can we manage it. As per the PMBOK we need to do below activities

  1. Plan Risk management
  2. Identify Risk
  3. Perform Qualitative Risk Analysis
  4. Perform Quantitative Risk Analysis
  5. Plan Risk Response
  6. Control Risk

Let me tell you how I did all of these activities.

Prepare a Risk Management Plan

As a project manager for this challenging project I have prepared a Risk Management Plan as below.

Risk Management plan should have all below given sections

  1. Methodology
  2. Roles and Responsibility
  3. Budgeting
  4. Timing
  5. Risk Categories
  6. Definition of Risk Probability and Impact
  7. Probability and Impact Matrix
  8. Revised Stakeholders’ tolerance
  9. Reporting Format
  10. Tracking

1. Methodology :-

  1. Risk Register should be created and keep updated throughout the project life-cycle.
  2. All the project risk should be maintain in the Risk Register.
  3. Quantitative and qualitative analysis of each risk should be recorded in the Risk Register.
  4. Risk Mitigation Plan should be prepared for each risk with High Impact.
  5. Weekly meeting with important stakeholder to discuss and review RISK register.
  6. Risk Identification Activity should planned and output should be updated in the RISK Register.
  7. Qualitative and Quantitative Analysis of the newly added risk to be performed by Project Manager each week and will be shared with all the stakeholders.
  8. If any risk is realized, Project manager will execute mitigation plan for it as per the risk register and Impact on the schedule, deliverable and budget will be published to stakeholders.

2. Roles and Responsibility :-

  1. Developer: Developer should not spend more than 1 hour of efforts for R and D. If they are not able to complete their task within 10% deviation of planned estimated efforts task will be put on hold for now and he start work on another task.
  2. Technical Lead: If developer didn’t finish the task in planned efforts and park Tech lead should take this task and try to accomplish it. If he also face challenges that particular task will be bring to Scrum Master’s notice.
  3. Innovation Team: Innovation team comprises of high experience technical people. They can spend enough time on the task to R and D. If they are not able to resolve the issue. Issue will be communicated to Produce Owner.
  4. Scrum Master: Scrum Master will actively work on the obstacles the team is facing. And try to bring the right person to work on the task which is not completed in estimated efforts and parked for blocked by tech lead. He Need to talk to innovation team.
  5. Project Manager: Project manager will monitor the risk and take necessary actions as per risk management plan when risk realize. Project Manager should do quantitative and qualitative risk analysis for each new risk added in Risk Register. Response for each risk should planned well in advance by PM. If the risk realized than mitigation plan should be implemented and its impact will be published to stake-holders.

3. Budgeting :-

  1. Budget for the Innovation team involvement should be defined. Say considering the technically challenging project we get pre-defined allocation of one dedicated resource from the innovation team.
  2. We should get pre-approval from the Project Sponsor that additional budget will be required for R and D.
  3. Risk to be tracked in risk tracking sheet. This will also help to audit risk process.

4. Timing :-

  1. We shall have a daily meeting with innovation team.
  2. Scrum master will send email every day to product owner on the issues.
  3. Scrum Master have a weekly meeting with Product owner to decide the course of action for the items doesn’t resolved by Innovation Team.
  4. We also get approval from the Project Sponsor that it might be possible that we will need more time to complete the project.

5.Risk Categories :-

We categories the risk in below categories.

  • Technical
    • Technologies
      • Angular 4
      • Material Design
  • Quality
  • Automated Testing
  • Requirement
    • Responsive
  • External
    • Dependencies
    • API
  • Organizational
    • Training
    • Resources
  • Project Management
    • Estimation
      • Cost Estimation
    • Planning
      • Sprint planning
    • Communicating
      • Communicating schedule slippage
      • Cost Over Run

6.Definition of Risk Probability and Impact: Each risk should have impact on four major project objectives namely cost, time, scope and quality. Say for example, if there is automated testing to be used will have significant impact on cost. Cost will increase significantly. Timeline will also be increased. Quality will be improved and scope will not be affected.

7.Probability and Impact Matrix: Probability for each risk will be agreed and listed down in the risk register. Also impact for each risk in the risk register should be determined. Based on this information each risk cab be plotted on the chart of probability versus Impact. Risk with highest probability and major impact quadrant should be given more attention.

8.Revised Stakeholders’ tolerance: I have communicated to stakeholder that there is high risk in the project. This is will make their mind-set that this project will have comparatively more risk than other projects in the company.

9.Reporting Format: Reporting format for the risk will be communicated via email and during weekly meeting.

10.Tracking: Risk register will be used to track the risk and biweekly audit for the risk will be done.

Identify Risk

Once our risk management plan is ready next step is to identify all the possible risk and list it.
Various techniques are available to identify risks in particular project. For this project I use google search, review my previous projects risk register and do brain storming and meeting with my team. I also carefully analysed the Project plans namely Resource Management Plan, Cost Plan, Schedule, Requirement Management, Scope of Work, Assumptions, Stakeholder register, Technological Suggestions etc.

On high level we can prepare Risk break down structure as below.

Finally I prepared a Risk Register as mentioned below and list all the identified risk in it.

Risk Description Probability of Occurrence Loss Size Probability of Occurrence Loss Size(Days) Risk Exposure (Days)
Insufficient QA time to validate on all browsers and OS types.
Scope of work is not clearly defined. Requirements are listed as only one line item and with assumptions.
Scope creep: Chances that unexpected changes and uncontrolled growth to a project’s scope.
Availability of expert staff/resources
Unrealistic time frames
Dependencies on other team for various things like Story Elaboration, API Spec verification
Technical problems
Development team does not have prior experience in Angular 4

I will continue this case study in my next blog wherein I will share my experience in on how I did quantitative and qualitative analysis of the risk, how I plan the risk response and control it.

Managing Risk for Software Engineering Project

5 thoughts on “Managing Risk for Software Engineering Project

  • August 1, 2017 at 1:58 pm

    Yes, Angular 4 is a new technology. That is the biggest risk. Very difficult to find resources in India for Angular 4.

  • August 1, 2017 at 2:52 pm

    This is fantastic explanation about Risk and how managed effectively. Handling unexpected risk and unexpected way would be very challenging on any project…. Amit keep writing…:)

  • August 2, 2017 at 7:29 am

    Super Analysis and excellent approach for risk management without hiding anything to client.

  • August 5, 2017 at 6:18 pm

    Sir, Inform client that with hidden scope, project can’t be fixed bid and propose for T&M.


Leave a Reply

Your email address will not be published. Required fields are marked *