Skip to content

Software Risk Management

Practice · Chapter 2

Risks are potential problems, and software design/development carries many. Organizations differ in risk tolerance but should all have a risk-management plan. Architects assist project managers in managing risk; unmanaged risk leads to cost/time overruns, rework, operational failures, and possibly total project failure.

The team should document potential risks. An architect’s knowledge and experience can surface risks that stakeholders, PMs, and other team members miss.

Risk typeExamples
FunctionalIncorrect requirements; lack of end-user/BA participation; conflicting business goals
TechnicalComplexity; project size; unfamiliar languages/tools/frameworks; vendor/subcontractor dependencies
PersonnelTeam lacking experience/skills; inability to staff; productivity issues
FinancialInsufficient funding; hard-to-meet ROI constraints
LegalGovernment regulations; changing legal requirements; contractual changes
ManagementLack of experience/skill; incorrect planning; poor communication; organizational issues

Assess each risk’s potential impact and probability of occurring. Risks that are both high-impact and high-likelihood are the most critical to a project.

TechniqueWhat it doesExample
Risk avoidanceChange the project to eliminate the risk entirelyUse a familiar technology instead of an unfamiliar one (if it still meets needs). Note: not all risks can be avoided, and avoiding one may create others; taking risk is sometimes needed to seize an opportunity.
TransferMove the risk to another partyBuild contract penalties so a subcontractor bears the risk of late/low-quality deliverables.
MitigationReduce the likelihood the risk occursAssign a mentor to a new, less-experienced team member to lessen delay/quality risk.
AcceptanceAccept the risk and its consequencesAccept not being first to market in exchange for shipping a better, unrushed product.

Key caution: actions taken to mitigate or transfer a risk can introduce their own risks (e.g., rushing to finish sooner raises the chance of missed requirements or lower quality) — factor this into the analysis.

  • Software Architect’s Handbook (Packt, 2018), Ch.2 “Software risk management”, pp. 122-127.