Types of Risks in Software Projects

Are you developing any Test plan or test strategy for your project? Have you addressed all risks properly in your test plan or test strategy?

As testing is the last part of the project, it’s always under pressure and time constraint. To save time and money you should be able to prioritize your testing work. How will prioritize testing work? For this, you should be able to judge more important and less important testing work. How will you decide which work is more or less important? Here comes need of risk-based testing.

What is Risk?
“Risk is future uncertain events with a probability of occurrence and a potential for loss”

Risk identification and management are the main concerns in every software project. Effective analysis of software risks will help to effective planning and assignments of work.

In this article, I will cover what are the “types of risks”. In next articles, I will try to focus on risk identification, risk management, and mitigation.

Risks are identified, classified and managed before actual execution of the program. These risks are classified in different categories.

Categories of risks:

Schedule Risk:
Project schedule get slip when project tasks and schedule release risks are not addressed properly.
Schedule risks mainly affect on a project and finally on company economy and may lead to project failure.
Schedules often slip due to following reasons:

  • Wrong time estimation
  •  Resources are not tracked properly. All resources like staff, systems, skills of individuals etc.
  •  Failure to identify complex functionalities and time required to develop those functionalities.
  •  Unexpected project scope expansions.

Budget Risk:

  •  Wrong budget estimation.
  •  Cost overruns
  •  Project scope expansion

Operational Risks:
Risks of loss due to improper process implementation failed system or some external events risks.
Causes of Operational risks:

  •  Failure to address priority conflicts
  •  Failure to resolve the responsibilities
  •  Insufficient resources
  •  No proper subject training
  •  No resource planning
  •  No communication in the team.

Technical risks:
Technical risks generally lead to failure of functionality and performance.
Causes of technical risks are:

  •  Continuous changing requirements
  •  No advanced technology available or the existing technology is in initial stages.
  •  The product is complex to implement.
  •  Difficult project modules integration.

Programmatic Risks:
These are the external risks beyond the operational limits. These are all uncertain risks are outside the control of the program.
These external events can be:

  •   Running out of the fund.
  •   Market development
  •   Changing customer product strategy and priority
  •   Government rule changes.

These are all common categories in which software project risks can be classified. I will cover in detail “How to identify and manage risks” in next article.

Recommended reading


#1 vami k

Should we consider and risks as problems while analsing risks?
More on how to address the risks associsted with resources, mainly human resources like if a tester is leaving the team in between then how to analyse the effect of this on project performance and how to minimise such risks?

#2 Veronica

Hi, my name’s Veronica.I’m beginner in the knowledge of software testing. May I talk with someone, who can help me understand this process. My english is not so good, but I undestand what you’ll can to say. I read many information about sofware testing, but I nor undestand the essential of this. May I talk with somebody by ICQ who know how it work, who can give me the sample which I try to do the test. In theory I undestand , but in practical I’m zero.
Please help me somebody!
Send your IQ address on my e-mail.
Thanck you very much.

#3 Veronica

my e-mail address: vercic@gmail.com

#4 hari

Is these risks taken care by testers.What are responsibilities if we found such type of risks.Mainly Operational risks.

#5 Gatari Mishra

can some body please give the best bug report formart..
or else give some tips to prepare a effective bug report.



#6 Mruga


I have a question that how the testers can incorporate these risks in their testing cycle?Is this only be used at the time of creting Test Plan?

#7 rahul


Can you elaborate on Programmatic Risks,
Does it depends on the coding? you have not mentioned anything about coding…..

#8 chanchal

I am a fresher I am going to complete my diploma in IT
in feb month .I have good knowledge of manual testing as well as automated testing such as winrunner,testdirector.load runner and QTP.i have worked in live project. so Ple advice me how to get into company as fresher my Ph no is 9902280190 .

#9 Vijay

@Vami – Problem is different than risk. Risks are future uncertain events those may or may not occur. Problems are events that are actually occurred.
Handling the resource risks is fairly depend on management. Project management should have contingency plan if any human resource is not available in between the project. Such contingency plan include backup resources, training approach to new resources. Also fair work distribution and involvement of each project member in every project activity can minimize resource risks.

@ Hari and Mruga- Ideally each and every risk should be identified in advance and contingency plan should be available in project risk management strategy. Individuals may be testers related to each risks are responsible for implementation of risk response action based on risk occurrence.

@Rahul – Risks related to coding are Technical risks and not come under Programmatic Risks.

Guys, in coming post I will cover risk identification, Analysis and management in detail. So all your queries will get addressed in detail.

#10 dhana

plz anybody send me manual testcase documents.

#11 Priya.K

I need different types of test cases writing.
for Eg: for login screen wht are the types or in what all ways we can write.

#12 Thulasi Suresh

I agree what you stated is right. QA is nothing but Planned and systematic set of activities. Before risk occurs we need to state that what are the possible ways it may occur and also the preventive action plan.

@Priya.K (Login Screen)
1. As of Unit Testing – Validation of Username and Password
2. Integration – On click of Login whether server validates the authenticated user or not
3. System – Recovery Testing, Performance Testing, Regression, Security Testing, Compatability Testing (OS and Browsers).

#13 NadeemAhmd Junaidi

How to begin in an interview wen a question is posed explain ur current project?wat n all things to b covered while answerin for this wat not to mention to play safer

#14 motiranjan

can u give some information about test data and how to generate test data

#15 Prasad

According to adhoc testing, when we test without specifications, if any changes occurs in ur build… whether this test case should be added in the specification or not…

Can u reply this question…

#16 Seethapathik

I want to know the terms 1. Test Strategy,Test case,Use case,Test plan,Test Suite?

#17 Vishal

I am working as Software Test Engg. Till now I have not appeared for any of the Testing certification Exam. So can you please suggest me for which exam Should I appear first…..?

#18 Kiran kumar

Hai Everybody…i am silent member to this community….i am a entry level testing professional ….can anyone suggest good testing books for basic software testing ?

#19 lalit

hi vijay or anyone can you mail me the “How to identify and manage risks” material to lalitd@indiatimes.com its urgent

#20 nandini

could u tel me the how to design and write the testcases.

#21 salim

hi first of all you should write the fields like testid,test description,test steps,expected result and actual result,test status for further contact my gmail jobssalim@gmail.com

#22 Munikrishna

I am working as a Soft Ware Test Engineer .Anybody can tell How to prepare Test plan

#23 Munikrishna

I am working as a Soft Ware Test Engineer.Anybody can tell how to prepare Test Plan

#24 Ekta

I am attending interviews to get job as software tester. For short duration projects companies expect me to have full knowledge of TEST PLAN,TEST METHODOLGY , TEST STARTEGY and TEST DELIVERABLE.Many times i face problem to answer these questions properly.Can anybody tell me how to prepare test plan. Please help me with these questions.

#25 madhav

what is the difference between version and Build?

#26 madhav

Build means which is released to testing team for testing.
whereas version means which is released to end users for use or may be for acceptance testing.
correct me if am wrong.

#27 Tiger2K

BUID is process of converting sourece code in to executable code (.exe) and giving it to the testers for testing.
Version is number of release made during the life cycle of a product.

#28 madhav

thank a lot Tiger

#29 vinodini


Could please let me what kind of Risks/Contingencies are expected to be written in a test plan.

#30 Rajatha

i will one u one ex for this.
assume there r 3 modules ‘A’,’B’,and ‘C’ and 3 Test Engineers 1, 2, 3.
1. Assumption: every person who all involved in project will remain till the end of product life cycle.

2. Risk: some person may quit the job in the middle, who has been assigned to handle module ‘B’.

3. contingency plan :
person1 : primary module -> ‘A’
secondary module ->’B’
person2 : primary module -> ‘B’
secondary module ->’C’
person3 : primary module -> ‘C’
secondary module ->’A’

so in this ex, person2 has left job, so person1 has to continue with this module. so v can save time of training new engineer.

suggestions would be accepted.

#31 Suresh Balakrishnan

Hi Vinodini,

This is Suresh Working as a Test Engineer. I have mentioned about Risk and Contingency as follows:

Risks and Contingencies
Specify any potential risks and plans for mitigating, addressing and/or resolving those risks.


#32 Chhaya chaudhari

can u tell me how to write test strategy?

#33 Manya

Hi , I’m currently doing my master’s thesis on risk based testing . I was wondering if anybody in this group has anything to say about “Risk Based Test Prioritization in Agile processes” .. I haven’t personally worked in an agile environment , so , do you think if risk based priotization of testcases in an agile process maes any sense at all? or are is it a contradiction of terms

#34 Shivakumar

@manya –Hi agile testing is development driven by testing … Risk based prioritization would be for any testing process and it will also be in agile testing

#35 Akathingo

This is quiet an interesting site i can say. i would love to know how risk management plans are to be gone about as far as project planning is concerned.

#36 revathi

about insurance

#37 lucy

please explain to me types of maintainance that can be carried out on a software product?

#38 lucy

pliz help me;am working on a project tha should be related to IT.my choice is to createv a system for a library.pli give me a sample of a library system project.

#39 Manjula

Hi ,

I want the information on how to identify risks when our tool is replaced with third paty tool.
How to identify risks when the third party product is interacting with so many interfaces( we dont ahev any documents like BRS.Only when we have arche tech diagrams and small description abotu the interfaces and product)

#40 Safia

I need to know RMMM. How can I reference any RMMM plan for a particular list of risks. Can you send me few links related to finding Risk Mitigation, Monitoring and Management Plan asap?

#41 godfrey

i need help! have a report on the misinterpretation of risk management in software project management….could u give me some links where i could source of materials to help me. i need every advice or material

#42 Aishwarya


looking for a change with following profile

Exp – 5 Years
Skill- Manual testing, sql, Unix, agile, knowledge of QTP
Notice- 15 days
Location- Pune
email- aishwarya.koche@gmail.com

Thanks in advance

#43 Roel


I need to create a Risk Management Plan, I came upon your site while searching the net for some references. Do you mind if I use this a reference? I would like to request for your permission so I could include the information here to my document.


#44 Ritu

Am testing a web application.in tat application OS has been upgraded.I need a sample TEST STRATEGY and TEST PLAN for OS upgrade.kindly send me these 2 docs to my mail performanz87@yahoo.com

#45 Swati

You mention the ‘next article’ How to identify and manage risks- where can I find it?

#46 Phyo thu maung

I am a IADCS student, and I want to know about the risks faced by project manager. Please explain me about the summary of risks faced by project manager taking over an existing project, which has a cirtical deadline


please tell me which test shold be efficient if code below ten thousand line?

#48 G.Chaitanya

which software model can be used if we have limited number of requirements?

#49 Ramani chandra


I am ramani chandra

Last week I attended tcs interview.They asked one question about severity and priority.question is if i am having the bug wiht low priority and high severity which one will i test first? I said high severity i ll test first is it correct? this is my email id :rchandra06@gmail.com

please send me some real time interview questions and how to answer

#50 Ramani chandra

Can u please send me sample document s of test plan to this mail id rchandra06@gmail.com

#51 jagan

explain a risk factor with a practical example in daytoday life…………………….

#52 Vamsi

I had dropped a mail to chandra..regd severity and priority justfication..u can check and reply me the comments..

Best Regards,
vamsi Krishna

#53 AbuHashem

i’d like to know if any one have a general risk list for the IT projects.


#54 Vanitha

I am Vanitha

I have done B.E(ISE) passed out in 2009. Now i am working in small company handling CRM project(sending sms to customer) . I am working as sofware developer. Actually it is a small company, they dont have any testing tool. so i have coded form. Now i am looking job on software testing.

So How do get prepare???
Which Testing Method is good for CRM??

If HR Asks me….. why i am looking job in software testing field..
Then How do i Convice him???

Please help me……

#55 swapna

can you anybody tell me what testing we are use in software projects commonly. how to find the differences .

thanking you

#56 rikitiki

Since you mention your next article, it would help to have a link to that article. I don’t see one anywhere obvious.

#57 vennelacnu

Hi Vanitha,
Testing methods are common for every tool if you have domain knoledge means enough.
now a days in market having SAP testing,.net testing and Mainframe Testing etc..but the testing methodologies are common in software testing what ever the application is your going to apply common proceedure so dont bother about it you concentrate on concepts of testing and in which time we are going to appy these tests in application.
And the HR asking you why you choose testing ?
comparing to my Engineering degree and skills it is suitable to me and i have such politeness to work on it.

#58 Sanu Jos

Hi Ramani ,

Please find the answer for
Query: 49 Ramani chandra on 09.17.10 at 10:25 am

for me it seems, we should test High priority and low severity bug if there is strict time line.(Delivery time is very near and you cannot focus on Major bug fixes)

Justifications :
# We can easily make the fixed code on board with minimal time .
#most probably , the test effort and bug fix effort will be less for low severity bug. for example : A spelling mistake on the home page .Developer can easily fix the issue and deploy the bug fixed code on board with in minimal time.
#If developer tries to fix the high severity issue , QA needs to do a regression test to ensure previously working functionalities are not breaking.

Please let me know other’s comments/ thoughts .

#59 Sanu Jos

Hi Veronica

Please find the answer for your query :
Veronica on 12.19.07 at 8:06 am

When you say you need to know Testing Process..
i would like to know where you want to pitch in ..

1)Test Requirement Analysis
2)Test Scenario specification
3)Test case/Script preparations
4)Test Execution
5)Test Reporting
6)Test Report Analysis & Review

#60 ritika

I am Sr. Software engineer with an experince of 8 years in manual testign and in Managing projects (As acting team lead). could any one mail me the type questions that can be asked to an 8 yrs experinced tester.

Thanks in advance


#61 ritika

I am Sr. Software engineer with an experince of 8 years in manual testign and in Managing projects (As acting team lead). could any one mail me the type questions that can be asked to an 8 yrs experinced tester.

My email id is : ritika102011@gmail.com

Thanks in advance.


#62 yusuf

i am a student from informatics computer school running my Bsc in computing. as part of my assignment i was assigned to identify 10 possible risks that can occur in an examination system for a school. and i have no idea how to identify these risks. can someone pls help me..thanks.

#63 Viplav Anand

Risk is nothing but minimizing of the budget to test without compromising on losing the biz due to missed defects.

In more simple terms if you take it,

suppose you have to test an application, and you can do 100% Test coverage and it takes suppose 25 man days,

Now do some analysis,

First : if you reduce the man days available to 22 and check for the coverage how much you can target, whihc in some statistical analysis comes to 90.3%

Second : if you reduce the man days available to 20 and check for the coverage how much you can target, whihc in some statistical analysis comes to 90.2%

Third : if you reduce the man days available to 18 and check for the coverage how much you can target, whihc in some statistical analysis comes to 90.1%

Fourth : if you reduce the man days available to 16 and check for the coverage how much you can target, whihc in some statistical analysis comes to 85.1%

then it is obvious that bringing the testing time to 18 days gives a test coverage to 90.1 % but any further reduction results some drastic change, however with 22 man days of effort it is not making much of a variation from teh one at 18.

Hence proceed with 18 man days .

But there are some tools which big organisation develop for their projects and proceed with a Risk Based Testing, which is more statistical to help the client be in synch with what is the risk.

#64 Srinivas

hi can you please send the testing premier book to srinivaspatro@gmail.com? i tried to download from the given link, but its not working.

#65 anusha

i want learn s/w testing tool…but i don,t have any idea about this…..if i learn with in 30day…r not?..it easy r not?if i learn this i’ll get a job easly?

#66 mania

I need help about this,I wanna know about generic risk in ITs projects plaese mail me about it.

#67 manjunath

hi anusha
Testing is easy when u like to do.
1. u should be done BSC or BE or MSC IT or MCA, then it is easy to understand the tool
2. manual testing is easy to learn no programming skill required
3. for automation u should know vb or c# pgm languages
u can learn with in 30 days manual testing

if u want any help regarding books or tool free feel to contact me

#68 Shah H

Does anybody know what Risk aging is and how do we monitor it ?

#69 John

Frankly I’m a little saddened by the blasé nature of the attitiude towards testing as a profession on here.
I’ve been a professional test consultant to some of the UK’s and the world’s largest IT programmes over the last 15 years and would say that the information being disseminated BY POSTERS on here is largely innaccurate and misleading to those wishing to start a career in testing.

If you have any sense at all you’ll already know that taking you knowledge from others on internet forums is definitely no way to learn in the long run. Read, pay to study for an ISQTB or similar, most of all, go out and get a role with a group of test professionals who will pay very little but give you great experience on projects.

Don’t waste your time trying to cut corners by getting ‘tips’ in forums, trust me, though the information presented by the website is GOOD, the information given by other posters is weak at best.

So I repeat, and I’m sure the site owner would agree, there’s no substitute for real experience and proper study, but sites like this can be an excellent supplement and a great help whilst you’re working (I came here to read a little regarding representation of risk in test planning and got distracted by the terrible posts of some people).

Good luck all

#70 issa

how to evaluate the potential risk and to justify plan for risk management in deployement and implementation of software

#71 kyebambe saleh

i appreciate ur stand as in helping us.but i need to understand more about risks under project recruitment

#72 kyebambe saleh

thanks for dat

#73 alifat

1 luv.. tnxs alot..

#74 vikas mathur

what is the main difference between qa and qc?

#75 madhu


#76 Mahalaxmi


How to handle and mitigate these technical risks and Programmatic Risks? i am not finding contusion link.
if any where i am missing plz mail me.

The test strategy is provides the steps tobe taken under while testing and the efforts, time and
resourcess required for the testing. am i rite.

#77 jaya

How to handle and mitigate these technical risks and Programmatic Risks? i am not finding contusion link.
if any where i am missing plz mail me

#78 Tony

Hi, does anyone know what are the risks for property rental ?

#79 Dilwar singh

i am dilwar.i am in BCA 2nd year students. i have a problam bt i can’t understands how is it comeplite.i will trying to many times of this question but can’t proparly solve it plz somebody person i request u solve this question and send to me
if a sotwere had failures in 100 tests during 10 day of testing what would be a good estimate of the realiabillity of the softwere over the next day?week?

#80 Pooja


when you say next article, please add a link to that location so that we can access it.


#81 Fatima

I need an best IT explainer I m ready to pay an amount…..

#82 Garima

please talk to me shall guide for better option


#83 sanket

this site is very best for software project mangment

#84 sarath

What are the Common risks and assumptions deck for Mainframe testing?

Leave a Comment