Risk Analysis

What is risk?

In the field of software engineering, risk may be defined as the potential susceptibilities or vulnerabilities associated with a software product, which may likely to affect the software product quality at a later stage during and after the development process.

These risks may be classified into following categories:

  • Operational Risk
  • Project Risk
  • Product Risk
  • Scheduled Risk
  • Budget Risk
  • Technical Risk
  • Programmatic Risk

What is Risk Analysis?

In the field of software engineering, risk analysis may be seen as a part of the risk management activity to analyse and assess the degree of impact, possessed by each identified risk. It is used to find out, how much risk is associated with the software product.

Basically, risk analysis is done to classify the risks, identified in the software project under multiple categories so as to manage, prioritize & test them, accordingly.

How to assess the risks?

A risk may be evaluated from three different views as given below:


What will be the impact or consequences of an identified risk?


Opposite to impact, it is used to trace out the sets of conditions or actions, which may put the software product in an undesirable and unexpected state.


Based on the predictability or probability that a requirement will not be met or satisfied.

Risks may be measured on the scale of 1 to 10 or may be classified as 'High', 'Medium' or 'Low'. However, the latter technique is better and preferred for categorizing the risks as the problem associated with the scale of 1 to 10 is that a developer or a tester may not able to differentiate between the risks, rated as 6 & 7 and may wrongly assume both of them in the same or a different category.

High risks are put in the basket of top priority whereas low risks are set to bottom most priority, for the test i.e. risks in the 'high' category needs to be tested thoroughly and on immediate basis whereas those assigned to the 'low' category may be tested at a later stage.

How to perform risk analysis?

There are several methods, formal or informal to execute the task of risk analysis such as

  • Studying and analysing the documentation work including requirements, specifications, etc.
  • Brainstorming session, involving the participation of Project Manager, Test Manager, Client or Stakeholders.
  • Small sessions involving Business team and IT team.

However, a risk analysis process generally involves three stages of working as stated below.

  • Identifying the risks involved and accordingly, classifying them into two major different classes.
    • Project Risk: Involves risks, which may slow down or obstruct the work flow of the project.
    • Product Risk: Risks, which prevents the fulfilment of requirements or business needs in the software product.
  • Analyzing & assessing the outcomes of these risks, which had already been discussed above in, "How to assess the risks?"
  • Taking and implementing corrective measures to allay the risks.


Overall, it may be stated that risk analysis is a significant activity to estimate the efforts required in dealing with the risks and accordingly, preparing strategies and plan to manage it.