Systematic methods are needed to mitigate risk on complex projects

Skill and experience are not enough to ensure that IT projects succeed.


In software development projects the need to manage risk increases with the complexity of the project. Theorists (and some practitioners) agree there is an increasing need for more systematic methods and tools to supplement individual knowledge, judgement and experience.

Human traits alone are often insufficient to address complex risk. And many of the most dramatic failures in software projects are the result of risks that remain unrecognised and/or ignored until they have already created serious consequences.

The focus on risk is important because structured methods, even simple ones, can be effective in identifying and reducing the potential for trouble before it occurs.

The identification of risk will require the use of qualitative methods. Techniques such as brainstorming, Swot (strengths, weaknesses, opportunities and threats) analysis, and threat scenarios, used together, ensure complete coverage and the identification of the specific sources of risk.

The main problem is to generate enough ideas so that all reasonable and significant risks are discovered. Any risk identification method should examine all areas of the project in a systematic manner. Typical methods are:

Risk databases

Risk databases provide an ordered collection of information derived from experience on previous projects. A formal risk information system is a good way of ensuring that this information is captured for use on future projects.


Checklists

Checklists are lists of areas where you might expect problems to occur. They are specific to whatever type of project your organisation undertakes, and must be developed specifically for your particular business or industry.

Swot analysis

Swot analysis of a project usually examines it from the perspective of the parent organisation of the project team. Normally this should be done before a commitment to take on the project is made. However, such an analysis can identify risks that are inherent in the organisation's capabilities with regard to the project.

Specialised techniques

Under this category are included techniques that require specialised knowledge to perform usefully. These include techniques such as cause-and-effect diagrams and various forms of flowcharts.

Lessons learned reports

A source of information from past projects used to identify key issues and provide guidance on best practice.

Risk Management in Software Development Projects is part of the Computer Weekly Professional Series.
