Risk Assessment

• Estimating the project's size in the early phases - the project's size affects how the deadlines will be set up, and is positively correlated with monetary expense and risk.
• Setting up the deadlines realistically - as a result, the necessary time to establish the rhythm of the project, prevent delays, and enter a steady state in which the effort is equally distributed from the beginning of the project, without putting an extra workload to the team members at the end of the project phases.
• Collecting and studying reports on other similar projects - this provides the possibility of learning from the other projects' and other teams' experiences; in that sense, a process data base is essential for an organization that wants to go higher than Level 2 on the CMM level ladder, engineering management depends on measurements, and their proper use, and this data base is to be regarded as an organizational asset and it is to be properly managed.
• Top management commitment - if top management does not play a strong,active role in the project from initiation through implementation, then allother risks and issues may be impossible to address in a timely manner.
• Failure to gain user commitment - when the users are actively involved inthe requirements determination process, it creates a sense of ownership,thereby minimizing the risk that the end-user expectations will not be metand that the system will be rejected.
• Timeliness of additional user requirements - it is essential to have the usersinvolved in the development process from the beginning to the end;however, it is highly preferable to have the requirements frozen at acertain point in development.
• Familiarity with technology - the higher the organization’s experience with application languages, technology databases, hardware, and operating systems, the lower the risk in the project.
• Insufficient/inappropriate staffing - the risk of failing to provide adequate staffing throughout the project can be mitigated by using disciplined development processes and methodologies to break the project down into manageable chunks, and developing contingency plans.
• The degree of structure in the project's outputs - it is negatively correlated with the risk in the project.

In the context of the Unified Process of software development, it is adopted that one can never fully eliminate risks; at best, one can manage them.For that reason, the Unified Process stresses the need to drive software development as an architecture-centric activity. Architecture-centric approach forces the risk factors to emerge early in the development process and make the process simultaneously risk-driven - when the risk factors are identified early, managers can take steps to mitigate them. Experienced software project managers recommend to maintain a running list of project's top ten risk factors and use that list to drive each release..............