Why Need Risk Management?
Risk can be defined as Hazard; danger; peril; obstacles; exposure to mischance or harm; venture (Canfora & Troiano, 2002). Dwaikat & Parisi-Presicce in (2005) defined risk as the probability of selfish use of software vulnerabilities. Such selfish use often causes a loss, either tangible or intangible, to the project owner. Risk according to Biswas, Debelak, & Kawamura (1989), implies a measure of some possible loss. Therefore, understanding risks and threats in any business is the first step to make a good decision. According to OXFORD dictionary risk can be defined as:
Chance or possibility of danger; the possibility that something unpleasant will happen.
Dwaikat & Parisi-Presicce (2005), classify risks into three types: project risk, like the risk of cost and time scale, technical risk, when the project doesn’t meet one or more of its functional requirements, and risk to life that causes death or breakdown to project. Regardless the type of risks that have to be faced, there are so many techniques and tools to do that in this constantly changing economy.
Risk in general is a problem that could cause some loss or threaten the success of our project, but which hasn’t happened until now and we work to keep it away. For the field of business, software- related risks can be defined as the multiple undesirable events that may occur.
Risk Management is a collection of methods or techniques that aim to minimize or reduce the effects of project failure (Addison, 2002) which match Crossland, Williams & McMahon(2003) definition of risk management which is a “coordinated activities to direct and control an organisation with regard to risk”.
Risk management and measurement are crucial for today’s organizations survival. The implementation of risk management system is one of the most crucial challenges that organizations might face in this rapid changing world in order to identify, analysis and prevent business exposure. In another words risk management benefits can be: warnings at the early stages to avoid loss, triggers or indicators for future opportunities and better decisions making process.
Risk Management Process
Due to the importance of risk management field, there are so many standards that are specified for this field like ISO 17799 and AS/NZS 4360, others deal with risk management as part of project management standard or IS development process standard as CMMI (Ewer & Mustafa, 2008). The majority of related standards approximately agree on four phases to manage risks (Crossland, Williams, & McMahon, 2003). In this context the first three phases are the essential ones while the fourth one forms the umbrella activity of risk management process (Raza, 2009) (see Figures 1 and 2).
Figure 1. Risk management phases, adapted from As/NZS 4360:2004 standard
Figure 2. Risk management process adapted from (Raza, 2009)