Evaluating Project Risk

I’m interested to hear feedback regarding how other development companies measure project risk.

We currently track three general classes of risk (although in a very simplistic way) for a project:

1) Technical risk – how likely is it that we will run into something that we don’t know how to solve (or that can’t be solved as stated – or is generally insoluble).

2) Bottom line risk – how likely is it that the project will cost too much to build (i.e. it won’t be profitable). Note that even projects that are not fixed cost (i.e. are billed on an hourly or some other type of flexible basis) can run into issues if they start to cost more than some unstated budget on the customer’s end. This type of risk is frequently the largest concern on our end of things, because (like many service organizations) our largest expense is staffing.

3) Customer risk – I’ve had customers go out of business, vanish, fire us, etc. in the past. There are frequently warning signs from the start that a particular customer may be more risky than usual. We’ve started tracking issues in a database to try to become more adept at evaluating this sort of risk.

How does your company measure and evaluate risk? Are there relevant categories missing from my list? (VaR, Black-Scholes, etc. aren’t really relevant to software development – I think.)