Risk Analysis In Software Estimation

Estimation is closely related to the risks of undertaking a project. Effort estimation accuracy is a function of how well the estimator is able to rope in two basic elements in the estimation calculation – Productivity and Risk Analysis – both of which have a marked influence on effort estimation. In my earlier blogs, I have tried to focus on productivity to some extent; let us now delve into risk analysis.




Risk denotes the chance or probability of occurrence of a particular event which might negatively affect the software project in some form or another. To ascertain the probability of various classes of negative events, it is essential to carry out a risk analysis of the software project.

Effective risk analysis is defined by the capability of the project manager to identify, capture, define, assess and treat risk factors to determine the quality and accuracy of estimates and hence the success of the project.

Types of Risk

The various types of risks can be related to performance, support, cost and schedule. Various drivers of risk relate to the following:

1) instability and changes in requirement
2) quality of available information
3) attrition of resource
4) technical knowledge
5) limitation of the resource
6) technological/administrative issues affecting project activities
7) improper interface/design/process issues


Risk is linked to contingency, a factor which is the product of the probability of occurrence of an event and the percentage of its effect on productivity. This results in a ‘value’ affecting the overall effort estimate. It is at the discretion of the project manager and the organization whether to consider this ‘value’ in the overall effort calculation. The contingency effort days should be calculated for variable proportions and categories of risks, based on the probability of occurrence and the impact, with a weight assigned to each category; by doing so an overall risk effect can be arrived at. (1)

How Can We Do Risk Analysis (2)

1) Define the risk factors broadly under each Type (performance, support, cost and schedule or any other new category).
2) Define and calibrate a scale to demonstrate probability of occurrence of risk factors and categorize them into a chosen degree; example: extremely probable, highly probable, less probable, improbable etc.
3) Provide a weight/value to each probability.
4) Specify a value of either 0 or 1 (if p
5) Demonstrate the impact of each risk factor by percentages based on pre-decided factors.
6) Calculate the contingency element of each risk factor.
7) Determine the net total of all contingency values related to probable risk factors to calculate the overall effect in effort days on the particular software project.
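The seven steps above, worked through on a small risk register. This is an added example, not code from the original post: the probability weights, the register entries and the 200-day base effort are constructed values, the 0/1 value of step 4 is set by hand because the rule for choosing it is cut off on the page, and scaling the contingency to effort days by multiplying it with the base effort is an assumption.

```python
from collections import defaultdict

# Steps 2-3: calibrated probability scale, one weight per degree (constructed values).
PROBABILITY_WEIGHTS = {
    "extremely probable": 0.9,
    "highly probable": 0.7,
    "less probable": 0.3,
    "improbable": 0.1,
}

# Steps 1, 4, 5: constructed risk register.
# Columns: type, risk factor, probability degree, include (0/1), impact on productivity in %.
# "include" is the 0/1 value of step 4; here the estimator sets it by hand (assumption).
RISK_REGISTER = [
    ("schedule", "instability and changes in requirement", "highly probable", 1, 20),
    ("performance", "improper interface/design/process issues", "less probable", 1, 10),
    ("support", "attrition of resource", "extremely probable", 1, 5),
    ("cost", "limitation of the resource", "improbable", 0, 15),
]


def contingency_days(register, base_effort_days):
    """Return (contingency days per risk type, total contingency days)."""
    per_type = defaultdict(float)
    for risk_type, _factor, degree, include, impact_pct in register:
        if degree not in PROBABILITY_WEIGHTS:
            raise ValueError(f"uncalibrated probability degree: {degree!r}")
        if include not in (0, 1):
            raise ValueError("include flag must be 0 or 1")
        if not 0 <= impact_pct <= 100:
            raise ValueError("impact must be a percentage between 0 and 100")
        # Step 6: contingency = probability weight x impact fraction (x 0/1 flag).
        contingency = PROBABILITY_WEIGHTS[degree] * (impact_pct / 100) * include
        # Assumption: effort days = contingency x base effort estimate.
        per_type[risk_type] += contingency * base_effort_days
    # Step 7: net total of all contingency values, in effort days.
    total = sum(per_type.values())
    return {k: round(v, 2) for k, v in per_type.items()}, round(total, 2)


if __name__ == "__main__":
    by_type, total = contingency_days(RISK_REGISTER, base_effort_days=200)
    for risk_type, days in by_type.items():
        print(f"{risk_type:12s} {days:6.1f} days")
    print(f"{'total':12s} {total:6.1f} days")
```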

Project Complexity and Risk Management (4)

The degree of risk assessment effort and the risk analysis techniques depend on the size and nature of the software project. For a less complex project, risk assessment could be done by simply using qualitative techniques to identify the probable risks and contingencies. For complex projects, however, qualitative assessment of risk factors and their impact would underestimate the actual risk impact, as the applied contingency would improperly cover the overall effect of the risks. Hence for complex projects, quantitative models for determining probability, impact and hence risk should be used in combination with qualitative techniques for risk assessment.

A project manager is entrusted with the task of establishing risk management processes which are continuous and cyclical to control the risk associated with a software project. Throughout the project lifecycle, risks will keep appearing and they must be resolved. To carry out risk management, there are five steps, which include identifying the risks which might affect the project; conducting risk analysis through a qualitative or quantitative procedure to determine probability, impact and hence the contingency; assessing the risks to evolve a risk-resolving strategy (acceptance, avoidance, resolution, or transference); and applying risk responsibility to a group for management as per project objectives, client focus and team understanding. The last step of risk management would be to observe and scrutinize the project performance metrics according to the risk management methodology. Risk monitoring and checks help to examine contingency and its resolution and thereby assist in the calculation of the most accurate estimates for both effort and cost.


[1] Lanza, Gianfranco. “Function Point: how to transform them in effort? This is the problem!” Proceedings 5th Software Measurement European Forum. Milan: Data Processing Organization, 2008. 131-132.

[2] Kaushal, Poonam. “Software effort estimation and risk analysis – A Survey.” International Journal of Engineering and Innovative Technology (IJEIT) (2012): 19.

[3] Pressman, Roger S. A Manager’s Guide to Software Engineering. Tata McGraw-Hill Edition (2005).

[4] Transportation Research Board. “Risk Management overview.” Guidebook on Risk Analysis Tools and Management Practices to Control Transportation Project Costs. Transportation Research Board, 2010. 14, 16.