2.3 Risk management
No software development is free from risk, and one crucial activity of development is identifying and managing it. Managing risks requires an early identification of any threats to the development or operation of a system, and then monitoring these threats during development. In an iterative and incremental development, risks in the development stage can be tightly monitored and controlled. The emphasis on short cycles that lead to early implementation helps to address technological problems from the start. The planning and prioritising of increments is done taking into account the risks that may occur (Fowler, 1997). Unforeseen problems can also be avoided by starting the integration of increments early.
Risks are mainly associated with making decisions that may be wrong and with misunderstanding requirements. There are different ways of classifying risks, according to different authors. Fowler, for example, classifies risks as requirements risks, technological risks, skills risks and political risks.
Think of examples of each category of risk given by Fowler.
Requirements risks: building the wrong system, or one that does not satisfy the customer.
Technological risks: using the wrong tools to solve the problem.
Skills risks: not being able to gather the required expertise to develop the system.
Political risks: not recognising influential forces that may affect the development of the system.
The techniques you will learn in this course will help you deal with requirements and technological risks. Requirements risks may be minimised if the development cycles are short and restricted to a partition of the system. This allows decisions to be reconsidered and requirements to be improved and more clearly defined. The order in which increments are developed depends on their importance and on risk factors associated with them. Technological risks may be minimised by the use of the right tools; teaching you how to select and use these tools is one of the aims of this course.