Software development is risky business. That’s mostly due to the fact that software projects are typically undertaken in the pursuit of innovation – innovation in the type of technologies being used, the novel features being built, the unique approaches taken – and when you’re going somewhere that no one has ever gone before, you’ll no doubt encounter risk along the way. You wouldn’t assume the moon landing happened without a risk mitigation plan, would you? Even if it was faked, they’d still need to consider risks.
Despite the inherent risk we expect in the software and IT industries, we still see a large number of projects fail because risk management wasn’t given the proper attention throughout the process. By some estimates, software projects face a 75% partial- or total-failure rate. Failure can occur because of poor budgeting, impossible time constraints, insufficient planning, not defining project scope – the list goes on. With all the possible options to fail considered, Gallup reports that only 2.5% of companies complete 100% of their projects successfully. I’ll bet these 2.5% of companies practice good risk management, too.
The key to a successful software development risk mitigation strategy is making sure that all stakeholders – that’s everyone on the development team as well as the client’s team – are involved in the process of identifying, assessing, prioritizing and responding to risks as they arise. If we make risk mitigation a central project management activity, then software projects, especially those with cost and time constraints, will be more successful overall.
Defining Risk in Software Development
Think of any risk as a potential problem that could result in a project suffering in some fashion. Risks vary in their severity. Some can be pretty small, only having a temporary delay in development. This could be something like a key developer getting the flu and being out of commission for a few days. On the other hand, some risks can completely derail a project. These can include, but of course are not limited to:
- Overestimating or underestimating development schedules
- Key employee turnover
- Poor allocation of staff, resources or budget
- Unclear requirements
- Overpromising to close a deal
- Rushing the design process, or attempting to run the design process concurrently with development
- Poor time management
- Lack of proper testing
- Absence of a project manager
- Unavoidable risks: Changes in industry regulations, sudden loss of funding, criminal interference, evolution of technology, etc.
How to Mitigate Risk
Before we can create a software development risk mitigation plan, we have to know what they are, first. Past experience helps a lot with this. If you work with a software development team that has been at this for some time, you’ll have the benefit of engineers who have familiarity with the kinds of problems that could affect a project. With each successive project, the process of risk management should improve.
Identify Risks and Triggers
At the onset of a project, all stakeholders need to identify and describe any possible threats to project success. Along with the risk itself, their triggers also need to be determined. Triggers are indicators that will signal that a risk has already occurred or is about to occur. What condition or event can serve as a heads up that it’s time to implement your software development risk mitigation strategy?
Classify and Prioritize Risks
A long, disorganized list of risks doesn’t exactly lead to a manageable process. To help prioritize risk, you should arrange them into several key groups. Typically, software development risks come from a few main areas:
- New, unproven technologies
- User and features requirements
- System architecture
- Development performance
- Project management and organization
Both the risk categories and the risks within those categories will be prioritized.
Develop a Mitigation Plan
Your software development risk mitigation plan should be considered part of your larger project management strategy. This plan will outline the response for each risk should it ever materialize. By being prepared from the get-go, you won’t be blindsided when a problem pops up. All stakeholders will know how to respond.
To mitigate a risk, there are several main approaches that can be taken:
- Acceptance: Making an explicit decision to accept the risk without any changes to the project. (Choosing to use an unproven technology because the benefits could outweigh the risks)
- Avoidance: Adjusting project scope, schedule or constraints to minimize the effects of the risk. (Choosing not use a certain codebase because of the risks that could arise when the application needs to be scaled later)
- Transference: Implementing an organizational shift in accountability, responsibility or authority to other stakeholders that will accept the risk. (Outsourcing an aspect of the project, such as the UX design, to another agency
- Limitation: Taking action to minimize the impact or reduce the intensification of the risk. (Accepting that there is a risk associated with a technology but making sure the development team has been educated on it)
Monitor for Triggers
In order to be the most effective, risk monitoring needs to happen throughout a project’s lifetime. In practice, this simply means that during regular check-ins that should be happening throughout development, all team members are checking for possible triggers, giving emphasis to the risks that could be the most detrimental.
This also means that should there ever be a major change in the project, your software development risk mitigation plan is also being reviewed for possible revisions. This could mean brainstorming any additional risks a change introduces and re-prioritizing your risks to align with the new threat environment.
Implement Risk Mitigation Plan
When a risk occurs, already having a plan in place helps everyone respond quickly to keep the project on track. Even if the plan is simply to accept a risk and be aware of it moving forward, it’s important for everyone to be a part of that conversation.
Communicate Risk Status Throughout Development
There will always be the risk of external forces affecting a project in any business venture, software development not exempt. For those risks that we can control, there is usually one common element, though: communication. Inadequate communication will kill a project; stakeholders, developers, security analysts, QA testers – everyone needs to share information so when a trigger does happen, we can respond in time
Your software development risk mitigation plan will fall apart if everyone isn’t communicating regularly with one another. That’s one of the reasons why Vice Software prioritizes communication between our development team and clients so much. With so many hands helping to stir the pot, we’ve developed some processes over the years to best manage all the communication, collaboration and organization involved in building an amazing product. Through frequent demos, our open Slack channel and automated GitHub notifications, you’ll never be in the dark. Our goal is to make sure everyone has complete visibility, so when a problem comes along that threatens our project, we’re able to mobilize and respond immediately.
Software applications have to conquer many obstacles before they enter the world, so it’s no surprise that so many of them never see the light of day. To make sure that your idea comes to fruition, choose a team that values proactive project management and constant, open communication. Get a quote from Vice Software today to start the process!