Software Risk Analysis

When the risks have been identified, all items are analyzed using different criteria. The purpose of the risk analysis is to assess the loss probability and magnitude of each risk item.

The input is the risk statement and context developed in the identification phase. The output of this phase is a risk list containing a relative ranking of the risks and a further analysis of the description, probability, consequence and context. The main activities in this phase are:

1.    Group similar risks: Detect duplicates and find new risk items by grouping the identified risks into categories.

2.    Determine risk drivers: The risk drivers are parameters that affect the identified risk. For example, schedule drivers are included in the critical path model. Determining these properties helps to assess and prioritize the risks.

3.    Determine source of risks: The sources of risks are the root causes of the risks. These are determined by asking the question "why?" and trying to figure out what may have caused the risk. Several root causes may lead to the same risk.

4.    Estimate risk exposure: The risk exposure is a measure of the probability and the consequence of a risk item. The consequence can also be stated in terms of loss (for example life, money, property, reputation).

5.    Evaluate against criteria: Each risk item is evaluated using the predefined criteria, which are important for the specific project. Criteria may be stated in terms of the probability of occurrence, the consequence and the time frame. This information is used to prioritize the risks.

Once this is done, risks can be prioritized, and the most serious risks can be identified for monitoring.
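The grouping, exposure and evaluation steps above can be sketched as a small risk register. This is an added example, not part of the original text: it assumes exposure is computed as probability times loss, and the sample risks, thresholds and priority labels are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    statement: str
    category: str       # grouping key for step 1
    probability: float  # likelihood of the loss, 0..1
    loss: float         # consequence in person-days (constructed unit)
    weeks_until: int    # time frame before the risk could materialise

# Constructed sample register; every value is illustrative.
REGISTER = [
    Risk("Key developer leaves", "staffing", 0.25, 40, 12),
    Risk("key developer leaves ", "staffing", 0.25, 40, 12),  # duplicate entry
    Risk("Third-party library abandoned", "dependency", 0.20, 60, 26),
    Risk("Requirements change late", "scope", 0.50, 30, 4),
    Risk("Build server outage", "infrastructure", 0.10, 5, 2),
]

CRITERIA = {"min_exposure": 10.0, "near_term_weeks": 8}  # hypothetical step 5 criteria

def group(risks):
    """Step 1: bucket risks by category and drop duplicate statements."""
    groups, seen = defaultdict(list), set()
    for r in risks:
        key = (r.category, r.statement.strip().lower())
        if key not in seen:
            seen.add(key)
            groups[r.category].append(r)
    return groups

def exposure(r):
    """Step 4: exposure as probability x loss (assumed convention)."""
    return r.probability * r.loss

def evaluate(r, criteria=CRITERIA):
    """Step 5: classify by exposure threshold, then by time frame."""
    if exposure(r) < criteria["min_exposure"]:
        return "low"
    soon = r.weeks_until <= criteria["near_term_weeks"]
    return "monitor-now" if soon else "monitor"

def rank(risks):
    """Deduplicate, then order by exposure (highest first), nearest time frame on ties."""
    unique = [r for g in group(risks).values() for r in g]
    ordered = sorted(unique, key=lambda r: (-exposure(r), r.weeks_until))
    return [(r.statement, exposure(r), evaluate(r)) for r in ordered]

if __name__ == "__main__": print(*rank(REGISTER), sep="\n")
```

Note that the build server outage falls inside the near-term window but still ranks last, because its exposure is below the threshold; the time frame only separates risks that already meet the exposure criterion.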

