Risk prioritization helps the project focus on its most severe risks by assessing the risk exposure. Exposure is the project of the probability of incurring a loss due to the risk and the potential magnitude of that loss.

This prioritization can be done in a quantitative way, by estimating the probability (0.1 – 1.0) and relative loss, on a scale of 1 to 10. Multiplying these factors together provide an estimation of the risk exposure due to each risk item, which can run from 0.1 through 10.

The higher the exposure, the more aggressively the risk should be tackled. It may be easier to simply estimate both probability and impact as High, Medium, or Low.

Those items having at least one dimension rated as High are the ones to worry about first.

Risk control is the process of managing risks to achieve the desired outcomes. Risk control process involves the following activities:
•    Risk planning.
•    Risk Mitigation
•    Risk Resolution
•    Risk Monitoring

Risk management planning produces a plan for dealing with each significant risk, including mitigation approaches, owners, and timelines. Risk resolution is exclusion of the plans for dealing with each risk. Finally, risk monitoring involves tracking your progress resolving each risk item.

Risk planning involves identification of strategies to deal with risk. These strategies fall into three categories:
•    Risk Avoidance
•    Risk Minimization
•    Risk Contingency Plans
Risk planning strategies are discussed in detail as follows:

Risk avoidance is one way to deal with risk: don’t do the risky thing! we many avoid risks by not undertaking certain project, or by relying on proven rather than cutting edge technologies.

Risk avoidance attempts to reduce the probability of a risk. For example, cross-training members of the development team reduces risks resulting from team member leaving the organization.

Risk minimization attempts to reduce the impact of a risk. For example, cross training members of the development team reduces risks resulting from team member leaving the organization.

Risk contingency plans is a plan which deals with a risk it occurs. For example, identifying alternate sources of funding in case financial backers stop supporting the project, or identifying organizations that may be interested in buying a software system in case the client organization involved in the development project backs out.

The risk mitigation is a plan that would reduce or eliminate the highest risks. The key question is: What should be done and who is responsible to eliminate or minimize the risk?

The mitigation plan includes a description of the actions that can be taken to mitigate the red rated risk and assigns a primary handler for the action.

When a risk has occurred, it has to be solved. Risk resolution is the execution of the plans for dealing with each risk. If the risk is at the watch list, a plan of how to resolve the risk already had taken place. The project manager has to respond to the already chalked out plan of how to resolve the risk.

A project manager has to respond to the trigger and execute the action plan. The project manager also needs to report progress against the plan and correct for deviation. The input to this phase is the risk action plan and the outputs are:
•    Risk status
•    Acceptable risks
•    Reduced rework,
•    Corrective action and
•    Problem prevention.

Risk status is the progress of the risk management. Acceptable risks are the ones that are not to be solved. Reduced reworked is a measure of the benefit of using risk management. This has to be calculated to determine whether the risk management works. Corrective actions re procedures that are known solutions if a problem occur and are generally accepted within the project or organization. Problem prevention occurs when typing to avoid problem and thereby eliminating their result.

Risk monitoring is the continually reassessing of risks as the project proceeds and when the conditions change. For example, successful completion of beta testing’ means that the risk of the client organization rejecting the system is minimal, while large turnover in development staff usually increases project and product risks.

For more help in Software Risk Prioritization click the button below to submit your homework assignment