11 - PROJECT RISK MANAGEMENT
Table 11-4 Typical Risk Responses for Software Projects
Project Risk | Description

Technical
  Avoid Risk: Use proven development platform and language. Change the requirements.
  Transfer: Use commercially available tools and modules or reuse existing software modules rather than creating new designs (buy rather than build).
  Mitigate: Engage the constant involvement of customers and developers. Work in short iterations so that risk can be identified early and development for risk mitigation has time to make an impact. Train the team on new development methods; obtain project sponsor commitment to the changes. Conduct regression testing for changes to critical software that may impact downstream modules or overall performance.

Security
  Avoid Risk: While there is no way to avoid all security risks and threats, use secure coding and access control techniques, and accredited architectures, follow security standards.
  Transfer: Obtain software kits and tools from recognized sources with a commitment to remediate security vulnerabilities. Recognized sources include the open source community as well as proprietary commercial software vendors.
  Mitigate: Train developers in secure coding. Engage intrusion detection and independent software penetration testers for software certificate.

Team
  Avoid Risk: Use a dedicated, experienced manager and teams, and established organizational processes.
  Transfer: Use collaborative processes so there is no single point of failure; engage recruiting or contract labor providers to offer backup or surge staff. (Note that adding staff late in a project often slows the project further while the new staff come up to speed.)
  Mitigate: Balance staff between more expensive senior staff and less costly junior resources with coaching and training. Improve team communication methods to avoid duplicative work or rework.

Schedule
  Avoid Risk: Review baseline schedule for accuracy in proportionate allocation of time to activities, resource loading and critical path. Allow time for planning and design before beginning large-scale development.
  Transfer: Involve customers in change control decisions at project checkpoints or sprint priorities and content. Get the team involved in planning and estimating.
  Mitigate: Start critical and higher-risk activities early in the schedule to allow time to prototype, test, iterate, integrate, and retest. Build reserve into the schedule. Get early feedback on variance from schedule and adjust iterative plans.

Costs
  Avoid Risk: Estimate by function points completed and tested, rather than by SLOC or percent complete estimates. Use multiple cost-estimating techniques.
  Transfer: Offer change proposals to include the customer in the cost of unexpected issues or the benefit of cost-saving opportunities.
  Mitigate: Shift resources from less critical activities or de-scope lower priorities.

Customer and Stakeholders
  Avoid Risk: Develop a project charter, contract, or work agreement to clarify roles and expected customer responsibilities.
  Transfer: Designate a customer representative to represent the voice of the user with multiple sponsoring organizations.
  Mitigate: Specify contingencies and assumptions in the absence of customer data. Conduct walkthroughs and prototypes to build customer acceptance.
©2013 Project Management Institute. Software Extension to the PMBOK® Guide Fifth Edition