
What are the categories of risks in software engineering? Explain the process of risk management.

Risk Management:

Risk management is a series of steps that help a software team understand and manage uncertainty. For each risk, the team identifies it, assesses its probability of occurrence, estimates its impact, and establishes a contingency plan to be followed should the problem actually occur. Risk management is one of the umbrella activities of the software process. Put simply, a risk is something that you would prefer not to have happen. Risks may threaten the project, the software that is being developed, or the organization.

Categories of Risks

There are three related categories of risk:

  1. Project Risks
  2. Product Risks
  3. Business Risks

Project Risks

Risks that affect the project schedule or resources are project risks. For example, staff turnover: an experienced team member may leave the organization in the middle of the project.

Product Risks

Risks that affect the quality or performance of the software are product risks. For example, a component does not perform as expected.

Business Risks

Risks that affect the organization developing or procuring the software are business risks. For example, a competitor is developing a similar product that will challenge the product being developed.

Process of risk management

The software team should address risks beforehand, or at least as many of them as possible. Based on that, the team also predetermines the actions to take so that the impact is limited when development is underway. The stages of risk management are as follows.

  1. Identification
  2. Analysis
  3. Planning
  4. Monitoring
Figure: Process of Risk Management

Identification

Identifying the possible risks in the project, the product and the business.

Analysis

After the risks are identified, the consequences of each risk and what might cause it are analyzed.

Planning

At the planning stage, the risks are quite clear. Now the software team has to establish two plans for each risk: first, a plan to avoid the risk; second, a plan to minimize the effect of the risk if it occurs. The team then implements either or both plans for each risk.

Monitoring

At this point, identification of the risks is complete, and the analysis and planning for each risk are also complete. However, the situation may change over time. That is why it is necessary to monitor the status of each risk and the progress of the project, so that the plan for addressing a risk can be revised when needed.