Risk Assessment Checklist

Download link : Risk Assessment Checklist

Risk Assessment Checklist

Project Name   Project Code  
Program Manager   Project Manager  

1       Engineering Process

1.1      Requirements

Item

Yes

No

NA

Remarks

Stability
Are the requirements stable

[1]

Are the external interfaces changing
Completeness
Are there requirements you know should be inthe specification but aren’t?
(IF Yes)Will you be able to get these requirements into the system?
Does the customer have unwritten requirements/expectations?
Are the external interfaces completely defined?
Clarity
Are you able to understand the requirements as written?
There are no ambiguities or problems of interpretation?
Validity
Are there any requirements that may not specify what the customer really wants?
Do you and the customer understand the same thing by the requirements?
How do you validate the requirements?
Feasibility
Are there any requirements that are technically difficult to implement?
Precedent
Do requirements specify something never done before, or that your company has not done before?
Scale
Is the system size and complexity a concern?


1.2      Design

Item

Yes

No

NA

Remarks

Functionality
Are there any potential problems in meeting functionality requirements?
Difficulty
Does any of the design depend on unrealistic or optimistic assumptions?
Are there any requirements or functions which are difficult to design?
Interface
Are the internal interfaces well defined ?
Is there a process for defining internal interfaces?
Is hardware being developed in parallel with software?
Performance
Are there any problems with performance?
Throughput
Scheduling asynchronous
Real-time events
Real-time response
Recovery timelines
Response time
Database response, contention, or access
Has a performance analysis been done?
Testability
Is the product difficult or impossible to test?
Does the design include features to aid testing?
Hardware Constraints
Does the hardware limit your ability to meet any requirements?Architecture, Memory capacity, Throughput, Real-time response, Response time, Recovery timelines, Database performance, Functionality, Reliability, Availability
Non-Developmental Software (If re-used or re-engineered software Exists)
Are you reusing or reengineering software not developed on the program?
(If Yes) Do you foresee any problems?Documentation, Performance, Functionality, Timely delivery, Customization
If COTS software is being used
Are there any problems with using COTS (commercial off-the-shelf) software?Insufficient documentation to determine interfaces, size, or performance

Poor performance

Requires a large share of memory or database storage.

Difficult to interface with application software

Not thoroughly tested

Not bug free

Not maintained adequately

Slow vendor response

Do you foresee any problem with integrating COTS software updates or revisions?

1.3      Code and Unit Test

Item

Yes

No

NA

Remarks

Feasibility
Are any parts of the product implementation not completely defined by the design specification?
Are the selected algorithms and designs easy to implement?
Is there sufficient time to perform all the unit testing you think should be done?
Will compromises be made regarding unit testing if there are schedule problems?
Testing
Do you begin unit testing before you verify code with respect to the design
Has sufficient unit testing been specified?
Coding/Implementation
Are the design specifications in sufficient detail to write the code?
Is the design changing while coding is being done?
Are there system constraints making the code difficult to write?Timing

Memory

External storage

Is the language suitable for producing the software on this program?
Are there multiple languages used on the program?
(if YES) Is there interface compatibility between the code produced by the different compilers?
Is the development computer the same as the target computer?
If developmental hardware is being used
Are the hardware specifications adequate to code the software?
Are the hardware specifications changing while the code is being written?

1.4      Integration and Test

Item

Yes

No

NA

Remarks
Environment
Will there be sufficient hardware to do adequate integration and testing?
Is there any problem with developing realistic scenarios and test data to demonstrate any requirements?Specified data traffic

Real-time response

Asynchronous event handling

Multi-user interaction

Are you able to verify performance in your facility?
Does hardware and software instrumentation facilitate testing?
Product
Will the target hardware be available when needed?
Have acceptance criteria been agreed to for all requirements?
Are the external interfaces defined, documented, and baselined?
Are there any requirements that will be difficult to test?
Has sufficient product integration been specified?
Has adequate time been allocated for product integration and test?
IF COTS Will vendor data be accepted in verification of requirements allocated to COTS products?
System
Has sufficient system integration been specified?
Has adequate time been allocated for system integration
Are all contractors part of the integration team? And test?
Will the product be integrated into an existing system?
Will system integration occur on customer site?

1.5      Engineering Specialties

Item

Yes

No

NA

Remarks

Maintainability
Does the architecture, design, or code create any maintenance difficulties?
Are the maintenance people involved early in the design?
Is the product documentation adequate for maintenance by an outside organization?
Reliability
Are reliability requirements allocated to the software?
Are availability requirements allocated to the software?
Safety
Are safety requirements allocated to the software?
Will it be difficult to verify satisfaction of safety requirements?
Security
Are the security requirements more stringent than the current state of the practice or program experience?
Human Factors
Will the system be difficult to use because of poor human interface definition?
Specification
Is the software requirements specification adequate to design the system?
Are the hardware specifications adequate to design and implement the software?
Are the external interface requirements well specified?
Are the test specifications adequate to fully test the system?

2       Development

2.1      Development Process

Item

Yes No NA Remarks
Are there formal, controlled plans for all development activities?

  • Requirements analysis
  • Design
  • Code
  • Integration and test
  • Installation
  • Quality assurance
  • Configuration management
Formality
Do the plans specify the process well?
Are developers familiar with the plans?
Suitability
Is the development process adequate for this product?
Is the development process supported by a compatible set of procedures, methods and tools?
Process Control
Is the software development process enforced, monitored and controlled using metrics?
Are distributed development  sites coordinated?
Familiarity
Are the project members experienced in use of the process?
Do all staff members understand the process?
Product Control
Is there a requirements traceability mechanism that tracks requirements from the source specification through test cases?
Is the traceability mechanism used in evaluating requirement change impact analyses?
Is there a formal change control process?
Are changes at any level mapped up to the system level and down through the test level?
Is there adequate analysis when new requirements are added to the system?
Do you have a way to track interfaces?
Are the test plans and procedures updated as part of the change process?

2.2      Development System

Item

Yes No NA Remarks
Capacity
Are there enough workstations and processing capacity for all staff?
Is there sufficient capacity for overlapping phases, such as coding, integration and test?
Suitability
Does the development system support all phases, activities, and functions?
Usability
Do people find the development system easy to use?
Is there good documentation of the development system?
Familiarity
Have people used these tools and methods before?
Reliability
Is the system considered reliable?

  • Compiler
  • Development tools
  • Hardware
System support
Are the people trained in use of the development tools?
Do you have access to experts in use of the system?
Do the vendors respond to problems rapidly?
Deliverability

2.3      Management Process

Item

Yes No NA Remarks
Planning
Is the program managed according to the plan?
Is re-planning done when disruptions occur?
Are people at all levels included in the planning of their own work?
Are there contingency plans for known risks?
Are long-term issues being adequately addressed?
Project Organization
Are the roles and reporting relationships clear?
Management  Experience
Are the managers experienced in software development, software management, the application domain, the development process, or on large programs?
Program Interfaces (Interface with customer, other contractors, senior and/or peer managers.)
Does management communicate problems up and down the line?
Are conflicts with the customer documented and resolved in a timely manner?
Does management involve appropriate program members in meetings with the customer?

  • Technical leaders
  • Developers
  • Analysts
Does management work to ensure that all customer factions are represented in decisions regarding functionality and operation?

2.4      Management Methods

Item

Yes No NA Remarks
Monitoring
Are there periodic structured status reports?
Does appropriate information get reported to the right organizational levels?
Do you track progress versus plan?
Personnel Management
Are project personnel trained and used appropriately?
Are program members at all levels aware of their status versus plan?
Quality Assurance
Are there adequate procedures and resources to assure product quality?
Configuration  Management
Do you have an adequate configuration management system?
Is the Configuration Management function adequately staffed?
Is coordination required with an installed system?
(If Yes) Is there adequate configuration management of the installed system?
Does the configuration management system synchronize your work with site changes?

2.5      Work Environment

Item

Yes No NA Remarks
Quality Attitude
Are all staff levels oriented toward quality procedures?
Does schedule get in the way of quality?
Cooperation
Do people work cooperatively across functional boundaries?
Do people work effectively towards common goals?
Is management intervention sometimes required to get people working together?
Communication
Is there poor awareness of mission or goals; poor communication of technical information among peers and managers?
Morale
Is there a non-productive, non-creative atmosphere?
Do people feel that there is no recognition or reward for superior work?

 

3       Program Constraints

3.1      Resources

Item

Yes No NA Remarks
Schedule
Has the schedule been stable?
Is the schedule realistic?
Is there anything for which adequate schedule was not planned?
Are there external dependencies which are likely to impact the schedule?
Staff
Are there any areas where the required technical skills are lacking?
Do you have adequate personnel to staff the program?
Is the staffing stable?
Do you have access to the right people when you need them?
Budget
Is the budget stable?
Is the budget based on a realistic estimate?
Is there anything for which adequate budget was not allocated?
Do budget changes accompany requirement changes?
Facilities
Are the development facilities adequate?
Is the integration environment adequate?

3.2      Contract

Item

Yes No NA Remarks
Type of Contract
Is the contract type a source of risk to the program?(fixed price,  cost plus award fee etc.)
Is the required documentation burdensome( Excessive amount, picky customer, long approval cycle)
Restrictions
Are there problems with data rights?

  • COTS software
  • Developmental software
  • Non-developmental Items
Dependencies
Does the program have any dependencies on outside products or services

3.3      Program Interfaces

Item

Yes No NA Remarks
Customer
Is the customer approval cycle timely?
Does the customer understand the technical aspects of the system?
Does the customer understand software?
Does the customer interfere with process or people?
How effective are your mechanisms for reaching agreements with the customer?
Does management present a realistic or optimistic picture to the customer?
Corporate Management
Is there a lack of support or micro management from upper management?
Vendors
Are you relying on vendors for deliveries of critical components?

  • Compilers
  • Hardware
  • COTS
Politics
Are politics affecting the program?

  • Company
  • Customer
Are politics affecting technical decisions?

4       Others

4.1      On-Site

  Item

Yes No NA Remarks
Logistics
Logistics
Personal constraints
Visa
Contract
Type of Contract
Restrictions
Project Manager Project SQA
Program Manager Date

[1] Double Click the checkbox and select the options “Checked” or “Not Checked” as appropriate