After completing this chapter, you will be able to:

• – understand risk management;
• – know the main standards and models that include requirements for risk management;
• – understand the risks that can affect the quality of a software;
• – understand the techniques used to identify, prioritize, document, and mitigate risks;
• – understand the roles of participants in risk management;
• – understand the human factors involved in risk management;
• – understand how to conduct risk management for very small entities;
• – recognize the requirements for risk management in a software quality assurance plan.

11.1 Introduction

Software engineers and project managers are eternal optimists. When planning a project, they often assume that everything will go as planned. Reality is very different as every software project includes risks. Risk management is recognized as a proven practice in the software industry. According to Charrette (1992) [CHA 99], many software professionals have the wrong perception of risk management. They see it as a necessary but uninteresting task to be done before the really interesting coding work begins. It is perceived as over management or as another bureaucratic activity that prevents the organization from achieving its objectives.