11 - PROJECT RISK MANAGEMENT
Most of the material in Section 11 of the PMBOK® Guide is applicable to risk management for software projects.
This section of the Software Extension to the PMBOK® Guide presents additional considerations for managing
software project risk.
According to Section 11 of the PMBOK® Guide, Project Risk Management includes the processes of conducting
risk management planning, identification, analysis, response planning, and controlling risk on a project. The
objectives of Project Risk Management are to increase the probability and impact of positive events and decrease
the probability and impact of negative events in the project. This section of the Software Extension to the PMBOK®
Guide addresses risk management for software projects by describing risks and risk mitigation strategies that are
important for managing software projects, and which merit attention beyond that provided in the PMBOK® Guide.
As defined in the Glossary to this Software Extension, risk is an uncertain event or condition that, if it occurs, has
a positive or negative effect on a project’s objectives. In ISO Guide 73:2009 – Risk Management: Vocabulary [40],
risk is defined as the “combination of the probability of an event and its consequence.” This widely used definition
is applied in the principal software engineering standard for risk management: ISO/IEC/IEEE 16085 – Systems and
software engineering—Life cycle processes—Risk management [41].
Each software development project has different uncertainties, risks, and opportunities because each software
project is a unique combination of requirements, design, and construction, resulting in a distinct software product.
Software project risks and software technical risks affect every stakeholder. Therefore, almost every one of the
47 processes in the PMBOK® Guide and this Software Extension is concerned with managing risks. Software risk
management aims to improve the probability of achieving the project goals; software opportunity management
aims to exceed the project goals. Opportunity management is commonly practiced in software project management,
especially in adaptive projects that have the opportunity to rapidly respond to customer-requested changes, apply new
technology, or accept additional resources. The risk management process is “a continuous process for systematically
identifying, analyzing, treating, and monitoring risk throughout the life cycle of a product or service” [41].
Software project risk management and opportunity management for software projects include planning, identifying,
and analyzing software project risks and opportunities; performing software project qualitative and quantitative risk and
opportunity analyses; planning risk and opportunity responses; and monitoring and controlling project risks and opportunities.
Commonly occurring risks for software projects include technical, schedule, cost, quality (e.g., security, safety, availability),
team dynamics, and customer/stakeholder risk factors. Risk treatments include accepting, avoiding, transferring, or
mitigating risk. Mitigating risk can occur by either immediate action or tracking and deferred action, when warranted.
While this section primarily addresses software development project risk management, the techniques and
approaches are also applicable to delivery of software as a service. In that case, the primary risk is a break in
service continuity, that is, the inability to continually deliver services at agreed-upon levels.
©2013 Project Management Institute. Software Extension to the PMBOK® Guide Fifth Edition