Risk Assessment Checklist

Download link : Risk Assessment Checklist

Risk Assessment Checklist

Project Name:

Project Code:

Program Manager:

Project Manager:

Engineering Process

Are the requirements stable?
Are the external interfaces changing?
Are there requirements you know should be in the specification but aren’t?
(IF Yes) Will you be able to get these requirements into the system?
Does the customer have unwritten requirements/expectations?
Are the external interfaces completely defined?
Are you able to understand the requirements as written?
There are no ambiguities or problems of interpretation?
Are there any requirements that may not specify what the customer really wants?
Do you and the customer understand the same thing by the requirements?
How do you validate the requirements?
Are there any requirements that are technically difficult to implement?
Do requirements specify something never done before, or that your company has not done before?
Is the system size and complexity a concern?

Page 1 of 10
Version No.1.0 / Date: 21-01-2012
Working Copy If Printed

Risk Assessment Checklist


Are there any potential problems in meeting functionality requirements?
Does any of the design depend on unrealistic or optimistic assumptions?
Are there any requirements or functions which are difficult to design?
Are the internal interfaces well defined?
Is there a process for defining internal interfaces?
Is hardware being developed in parallel with software?
Are there any problems with performance?
Scheduling asynchronous
Real-time events
Real-time response
Recovery timelines
Response time
Database response, contention, or access
Has a performance analysis been done?
Is the product difficult or impossible to test?
Does the design include features to aid testing?
Hardware Constraints
Does the hardware limit your ability to meet any requirements?
Architecture, Memory capacity, Throughput, Real-time response, Response time, Recovery timelines, Database performance, Functionality, Reliability, Availability
Non-Developmental Software (If re-used or re-engineered software Exists)
Are you reusing or reengineering software not developed on the program?
(If Yes) Do you foresee any problems?
Documentation, Performance, Functionality, Timely delivery, Customization
If COTS software is being used
Are there any problems with using COTS (commercial off-the-shelf) software?

Page 2 of 10
Version No.1.0 / Date: 21-01-2012
Working Copy If Printed

Risk Assessment Checklist

Insufficient documentation to determine interfaces, size, or performance
Poor performance
Requires a large share of memory or database storage.
Difficult to interface with application software
Not thoroughly tested
Not bug free
Not maintained adequately
Slow vendor response
Do you foresee any problem with integrating COTS software updates or revisions?

Code and Unit Test

Are any parts of the product implementation not completely defined by the design specification?
Are the selected algorithms and designs easy to implement?
Is there sufficient time to perform all the unit testing you think should be done?
Will compromises be made regarding unit testing if there are schedule problems?
Do you begin unit testing before you verify code with respect to the design
Has sufficient unit testing been specified?
Are the design specifications in sufficient detail to write the code?
Is the design changing while coding is being done?
Are there system constraints making the code difficult to write?
External storage
Is the language suitable for producing the software on this program?
Are there multiple languages used on the program?
(if YES) Is there interface compatibility between the code produced by the different compilers?
Is the development computer the same as the target computer?
If developmental hardware is being used
Are the hardware specifications adequate to code the software?

Page 3 of 10
Version No.1.0 / Date: 21-01-2012
Working Copy If Printed

Risk Assessment Checklist

Are the hardware specifications changing while the code is being written?

Integration and Test

Will there be sufficient hardware to do adequate integration and testing?
Is there any problem with developing realistic scenarios and test data to demonstrate any requirements?
Specified data traffic
Real-time response

event handling
Multi-user interaction | | | |
Are you able to verify performance in your facility? | | | |
Does hardware and software instrumentation facilitate testing? | | | |
Product | | | |
Will the target hardware be available when needed? | | | |
Have acceptance criteria been agreed to for all requirements? | | | |
Are the external interfaces defined, documented, and baselined? | | | |
Are there any requirements that will be difficult to test? | | | |
Has sufficient product integration been specified? | | | |
Has adequate time been allocated for product integration and test? | | | |
IF COTS Will vendor data be accepted in verification of requirements allocated to COTS products? | | | |
System | | | |
Has sufficient system integration been specified? | | | |
Has adequate time been allocated for system integration | | | |
Are all contractors part of the integration team? And test? | | | |
Will the product be integrated into an existing system? | | | |
Will system integration occur on customer site? | | | |

Engineering Specialties

Does the architecture, design, or code create any maintenance difficulties?
Are the maintenance people involved early in the design?
Is the product documentation adequate for maintenance by an outside organization?
Are reliability requirements allocated to the software?
Are availability requirements allocated to the software?
Are safety requirements allocated to the software?
Will it be difficult to verify satisfaction of safety requirements?
Are the security requirements more stringent than the current state of the practice or program experience?
Human Factors
Will the system be difficult to use because of poor human interface definition?
Is the software requirements specification adequate to design the system?
Are the hardware specifications adequate to design and implement the software?
Are the external interface requirements well specified?
Are the test specifications adequate to fully test the system?

Page 4 of 10
Version No.1.0 / Date: 21-01-2012
Working Copy If Printed

Risk Assessment Checklist

Development Process

Are there formal, controlled plans for all development activities?
Requirements analysis
Integration and test
Quality assurance
Configuration management
Do the plans specify the process well?
Are developers familiar with the plans?
Is the development process adequate for this product?
Is the development process supported by a compatible set of procedures, methods, and tools?

Process Control
Is the software development process enforced, monitored, and controlled using metrics? | | | |
Are distributed development sites coordinated? | | | |
Familiarity | | | |
Are the project members experienced in use of the process? | | | |
Do all staff members understand the process? | | | |
Product Control
Is there a requirements traceability mechanism that tracks requirements from the source specification through test cases? | | | |
Is the traceability mechanism used in evaluating requirement change impact analyses? | | | |
Is there a formal change control process? | | | |
Are changes at any level mapped up to the system level and down through the test level? | | | |
Is there adequate analysis when new requirements are added to the system? | | | |
Do you have a way to track interfaces? | | | |
Are the test plans and procedures updated as part of the change process? | | | |

Development System

Are there enough workstations and processing capacity for all staff?
Is there sufficient capacity for overlapping phases, such as coding, integration, and test?
Does the development system support all phases, activities, and functions?
Do people find the development system easy to use?
Is there good documentation of the development system?
Have people used these tools and methods before?
Is the system considered reliable?
Development tools

Page 5 of 10
Version No.1.0 / Date: 21-01-2012
Working Copy If Printed

Risk Assessment Checklist

System support
Are the people trained in use of the development tools? | | | |
Do you have access to experts in use of the system? | | | |
Do the vendors respond to problems rapidly? | | | |
Deliverability | | | |
Is the program managed according to the plan? | | | |
Is re-planning done when disruptions occur? | | | |
Are people at all levels included in the planning of their own work? | | | |
Are there contingency plans for known risks? | | | |
Are long-term issues being adequately addressed? | | | |
Project Organization
Are the

roles and reporting relationships clear? | | | |
Management Experience
Are the managers experienced in software development, software management, the application domain, the development process, or on large programs? | | | |
Program Interfaces (Interface with customer, other contractors, senior and/or peer managers.)
Does management communicate problems up and down the line? | | | |
Are conflicts with the customer documented and resolved in a timely manner? | | | |
Does management involve appropriate program members in meetings with the customer?
Technical leaders
Analysts | | | |
Does management work to ensure that all customer factions are represented in decisions regarding functionality and operation? | | | |
Management Methods

Are there periodic structured status reports?
Does appropriate information get reported to the right organizational levels?
Do you track progress versus plan?
Personnel Management
Are project personnel trained and used appropriately?
Are program members at all levels aware of their status versus plan?
Quality Assurance
Are there adequate procedures and resources to assure product quality?
Configuration Management
Do you have an adequate configuration management system?
Is the Configuration Management function adequately staffed?
Is coordination required with an installed system?
(If Yes) Is there adequate configuration management of the installed system?
Does the configuration management system synchronize your work with site changes?

Work Environment

Quality Attitude
Are all staff levels oriented toward quality procedures?
Does schedule get in the way of quality?
Do people work cooperatively across functional boundaries?
Do people work effectively towards common goals?
Is management intervention sometimes required to get people working together?
Is there poor awareness of mission or goals; poor communication of technical information among peers and managers?
Is there a non-productive, non-creative atmosphere?
Do people feel that there is no recognition or reward for superior work?

Program Constraints

Has the schedule been stable?
Is the schedule realistic?
Is there anything for which adequate schedule was not planned?
Are there external dependencies which are likely to impact the schedule?
Are there any areas where the required technical skills are lacking?
Do you have adequate personnel to staff the program?
Is the staffing stable?
Do you have access to the right people when you need them?
Is the budget stable?
Is the budget based on a realistic estimate?
Is there anything for which adequate budget was not allocated?
Do budget changes accompany requirement changes?
Are the development facilities adequate?
Is the integration environment adequate?


Type of Contract
Is the contract type a source of risk to the program? (fixed price, cost plus award fee, etc.)
Is the required documentation burdensome? (Excessive amount, picky customer, long approval cycle)
Are there problems with data rights? COTS software? Developmental software? Non-developmental Items?
Does the program have any dependencies on outside products or services?
Program Interfaces
Is the customer approval cycle timely?
Does the customer understand the technical aspects of the system?
Does the customer understand software?
Does the customer interfere with process or people?
How effective are your mechanisms for reaching agreements with the customer?
Does management present a realistic or optimistic picture to the customer?
Corporate Management
Is there a lack of support or micro management from upper management?
Are you relying on vendors for deliveries of critical components? (Compilers, Hardware, COTS)
Are politics affecting the program? (Company, Customer)
Are politics affecting technical decisions?
Personal constraints
Type of Contract
Project Manager
Project SQA
Program Manager