Risk management has long ago been recognized as a crucial part of any organization’s functioning. It can be used for IT projects as well. Such “insurance” increases the chances of success drastically. Moreover, developers and stakeholders feel much better, and the process goes smoothly.

On the other hand, many failures in IT projects are rooted in the wrong risk management process. Almost 100% of the challenges a project can face are nothing new and can bring much less harm if managed correctly.

So how do you approach risk management in the right way? We are ready to share our insights from many years’ experience. Here, you will find a comprehensive list of the most common types of risks with examples. It will help you identify the risks in your project – #1 step in risk management. And there’s more – we also recommend solutions based on TRIARE’s team experience. So let’s begin!

IT project risk definition

Risk is any unexpected event that could potentially impact the timeline, performance, processes, and resources involved in a project. This high level of uncertainty is what differs risks from issues, which are events certain to happen, or risks fulfilled.

Risks are usually divided into internal (development process) and external (client’s influence, government, market, etc.). Unlike the common view, there are not only negative but also positive risks (imagine, if there are more users than planned).

So risk management is the process used by IT project managers to identify and address the risks before they become issues. It can vary depending on the size of a project. While smaller projects might only need a simple prioritized list of risks, large-scale ones usually use strategies with extensive detailed planning. But either way, you need to begin with identifying the risks. Let us help you with the examples below.

Types of risk

Risk Management in estimation

An estimate is an evaluation or calculation which most often refers to the time in IT projects. According to our project manager, a good estimate is within 25% of the actual results of 75% of the time.  Well-controlled projects can sometimes be estimated with ± 10% accuracy. But what if your estimate is far from that?

 It is a common situation in IT project management, which occurs due to unstable requirements, chaotic development process, omitted activities, unfounded optimism, subjectivity, and bias. Many risks are related to wrong estimates. For example, underestimate leads to:

• Failed deadlines
•  Reduced effectiveness of project plans
• Lack of time for technical foundation
• The appearance of destructive lateness dynamics

Overestimate is not good either, leading to:

• The expansion of work to fill all the available time (Parkinson’s law)
• Students Syndrome
• Customer’s desire to instill a sense of urgency

Solutions:

Make estimates better. Go for reliable estimation techniques. TRIARE professionals choose different methods depending on what fits the project best: estimate by analogy, historical data, expert judgment, decomposition/WBS, 3 Points estimate, Delphi method, Planning Poker, T-shirt method, etc.

Keep changes in mind. A Cone of Uncertainty is a method used by leading organizations that allows requirements changes throughout the project. For example, NASA’s Software Engineering Laboratory plans a 40% increase in requirements through this method.

Respond to the risks. The small gap can be managed by extra preparation or by changing the schedule, backlog, or budget. The large gap usually means reconsidering the project’s targets.

Developer Skills Risks

Managing it projects means mitigating personal (related to staff) risks more often than you might think. Examples of such risks include:

• Impossibility to find employees with required skill level
• Lack of commitment
• No time for training
• Absence of metrics & tracking of staff skills
• Operational or management risks
•  Productivity issues
• Unexpected absence (developers leave or get sick)
• Failure in resolving priority conflicts
• Undefined responsibilities of each team member
• Resource planning is overlooked.
• Poor communication 

Solutions:

Use metrics. Project managers at TRIARE believe: you can’t improve what you don’t measure. The relevant assessments help benchmark the strengths and weaknesses of the developers as well as track the progress of continuous improvement.

Make it clear. Operational or management risks mostly occur when there is no clarity in team structure and responsibilities.

Enforce productivity consistently. Developers tend to take things easy at the beginning. They rush through the important design stage and like to show off their skills by coding unnecessary features. It is up to the project manager and team leader to avoid this. Set a realistic schedule with priorities for tasks & deadlines. Track the progress and hold frequent demos.

Strengthen commitment. There are many ways to do that. We at TRIARE enjoy the possibilities to grow on an individual basis and detailed communication on the projects that make everybody feel like an important & interested part of it.

Be ready for leaves. Unexpected sick days or layoffs should not get in the way. The key is to share the same essential project knowledge between all team members. Resources for collaboration and project documentation will be helpful for substitutes.

Schedule Risks

Schedule risk in IT project management is failing to meet deadlines and consequential effects. Examples of such risks include:

• Changing requirements during the implementation
• Failed tests
•  A delay in one task causes a cascade of delays.
• Some facilities are unavailable on time.
• Third-party tasks take longer than expected.
• Dependency on a yet undeveloped technology or government regulations causes delays.
• The hiring process or paperwork takes longer than expected.

Solutions:

Take prevention measures. Consider and analyze all possible factors like this. Assign tasks only according to team members’ skills, strengths, and weaknesses. Track progress and address all issues consistently (for example, at Daily Scrum).

Optimize the schedule. Try to organize tasks in a way, so each of them does not have an overabundance of preceding dependencies. Also, put difficult tasks early in the software development process, and schedule frequent plan reviews.

Respond quickly. It is important to inform the client about a shifting deadline as soon as possible. Try splitting a bigger task, and deliver some smaller pieces of work. It is much better than nothing and shows commitment.

Quality Assurance Risks

Risks related to the QA process might include:

• Incorrect or changed requirements
• Late submission
• Problems of integration with customers’ internal systems
•  Issues due to the unavailability of servers
• Time limits that influence the testing process

Solutions:

Track time. QA Leads at TRIARE track the entire testing process carefully, considering the progress of both testers and developers. They estimate not only the percentage of finished work but also the time it will take to complete the rest.

Encourage the team to keep risks in mind. Every QA Engineer should be aware of the risks and be ready to contact the project lead immediately in case of any unforeseen situations and blockers in work. It increases the chances of eliminating the problem in time.

Development Process Risks

The software development process is a sequence of the stages every project goes through. It is often called a software development life cycle (SDLC). There are many SDLC models to choose from. If the chosen SDLC model does not fit your project, it can create many risks and issues. Even if you choose wisely, you need to be aware of its peculiarities and cons because none is perfect. For example:

• The waterfall model is associated with the risks of costly remakes because there is no way to take a step back.
• The iterative model usually leaves the client more satisfied, but the process is long, and sometimes the requirements can completely change in the process.
• The spiral development process is incompatible with most of the smaller projects because overall, it takes much longer than a development stage alone.
• Agile practices are no panacea either: everything can go awry if the customer fails to communicate their requirements and feedback constructively.

Solutions:

Choose wisely. There is no one best model, so there are no ready solutions. You need to learn about each of them to make an informed decision. We recommend starting with our comprehensive guide. Assess the project requirements and define the selection criteria. For example, keep in mind issues like the size of the team and their skills, stakeholders’ concerns, the type and size of the project, etc.

Decide and adjust. You can optimize the development process anytime. Of course, you are free to make changes to an existing model or even create your own – whatever suits your team and a particular project best.

Project Management Risks

This category probably includes the largest list of possible risks. Project managers at TRIARE are closely monitoring every aspect and every detail. For convenience, we usually divide them all into three major categories: Cost, Schedule, and Performance risks. To give you a glimpse, examples might include:

• Technical Risks
•  Resource Risks
•  Market fit
• Manufacturability
•  Unit cost
• Interpersonal Risks
•  Unknown Risks

Solution:

Act on every risk. While we can’t avoid every risk on the list, mitigating and managing a lot of them usually helps us avoid many schedule extensions. With as many risks, the law of averages rules, resulting in a shorter project path with better results. A plan of action and a responsible person assigned for every risk are key.

Evaluate & monitor. Track management of the existing risks and stay updated about the new ones. At TRIARE, we nurture a project risk management culture through regular meetings, sharing knowledge, and motivation to address issues immediately.

We hope our list of possible risks and solutions will come in handy in your project and wish you good luck!