Rapid Application Development: Project Risk Management

When planning a project you hope for the best, but there is always a chance of something unexpected preventing this. Project risk management is about having the confidence of knowing what to do if the worse occurs, and what this will cost.

Project risk management consists of two key aspects: determining the risk, and designing counter measures.

Determining Risk

When determining risk there are three key aspects to consider:

  • The event causing the risk.
  • The likelihood of the event happening.
  • The impact on the plan if the event occurs.
Risk Events

When planning, it is impossible to determine every risk causing event that may occur. Many things can occur on a project, and you could spend forever trying to anticipate them all. However, as will become clear, it is not important to consider them all, you need to consider a representative selection of events that could effect a project.

Risk Likelihood

Even when we have a set of risk events, we do not generally have accurate statistics about their occurrence. It is unlikely therefore that we can determine their exact likelihood. This is a reason that a subjective scale of high, medium, or low is often used to determine likelihood. It focuses attention on those events you feel will be most likely to occur.

Risk Impact

The next step is to determine what impact a risk event may have on a project. This means determining what effect it will have on the scope, time, resource, or quality aspects of the project plan. These can vary from an annoyance through to a total catastrophe. Various scale scan be used but a similar three point scale of high, medium, or low is also often used.

Why Do It?

The process described so far appears very subjective, liable to error, and will definitely not be complete. So why do it? This is a valid question for many project plans, which just determine risk and go no further. However what we are really interested in is delivering a project plan in a way that satisfies the customer. This is the importance of the counter measures part. It states what you will do if a risk event occurs to mitigate the damage.

Designing Counter Measures

Project Risk Mitigation

When designing counter measures it will be noticed that the same counter measure can be employed to cover several different types of risk. What is more those same counter measures will most likely prove useful against risks you have not anticipated. This is the power of risk planning; by planning how to deal with the worst that you can think of, you are also providing insurance for events you have not considered. Therefore you have raised the possibility that the project will be delivered successfully.

Generic Risk Counter Measures

Risk counter measures will reduce the likelihood, the impact, or both of a risk happening. There are various generic risk counter measures that can be used to reduce risk. As an example supposing you wanted to cross a busy road in order to buy some fish and chips. Your options could be:

  • Eliminate the risk: Buy fish and frozen chips from a supermarket and cook them at home.
  • Cease the activity: Decide not to have fish and chips.
  • Reduce the likelihood: Carefully check the road and only cross when there is no traffic.
  • Reduce the impact: Wear body armour so that if you are hit then it will have less effect.
  • Early warning: Check the road to see if there is any traffic before crossing.
  • Avoid: Decide to have a pizza instead from a shop on your side of the road.
  • Share or transfer: Ring for a taxi to go and collect your fish and chips.
  • Accept risk: Just cross the road anyway.
Selecting Counter Measures

To select appropriate counter measures you check your list of risk events and consider for each of them what you could do to mitigate the effect of it happening. You start with the high likelihood and high impact events, and work down to the low likelihood and low impact events. For each consider the generic counter measures list and see if any can apply to the risk event you are considering. As an example for a test plan if there is a risk of the software being delivered to testing that does not even run, you may cease the testing activity. By documenting this in advance in the test plan all stakeholders are aware of the possibility of this extreme action. Another event may be the loss of one of the testing team. This could be covered by:

  • Reducing the likelihood, by ensuring the team are well paid, and have had a successful health check,
  • Reducing the impact, by having spare team members, or a call off arrangement with a contract agency,
  • Early warning, by having a strong system of staff appraisal, and other measures to see if staff are likely to become unavailable,
  • Accept the risk, by notifying the customer that if the event occurs then the scope, time scale, or quality standards will have to be adjusted and meeting convened to discuss.

There are other possibilities, but there are costs associated with all of them.

A Balanced Risk Management Plan

A balance must be struck between no planning, and planning to the point of project paralysis. The key is to balance the cost of the planning process, along with likely costs of counter measures, against the benefits to be delivered by the project. This can only be done in conjunction with the various stakeholders. If it is done at the start of a project it might even lead to the conclusion that the project is not worth pursuing. If it is pursued then the risk plan enables a more accurate judgment to be made about the likely overall costs. A risk management plan makes you think about what it is you want to achieve, and what you are willing to pay for it. As a result you stand a far higher chance of achieving success.


Rapid Application Development: MoSCoW Prioritisation

To be successful projects need to be properly prioritized for both the requirements and the main project objectives. One mechanism is to use a number system, but this is flawed as it results in all elements being number one. A more useful method is to use a set of words that have meaning such as the MoSCoW method. However to be effective prioritization requires hard choices to be made.

MoSCoW Prioritasation

MoSCoW Prioritasation

Prioritisation of Requirements

An important factor for the success of any project is ensuring that the requirements, are prioritised. In many cases this is not done leading to sure project failure. Sometimes it is the customers’ fault who want the entire system to be delivered now. Other times it is the project manager’s fault because they do not discuss the project with the customer. In either case prayers for miracles are often required if the project is to have any chance of being successful. In my experience miracles rarely happen on projects.

However prioritising is not an easy process, and even less so when done using a number system. The trouble with number systems is that it appears logically to give the features a priority of 1, 2, 3 etc. However who wants a requirement to be a “2” or even a “3”? As a result all requirements become a “1”, which is useless. This can lead to having to resort to additional systems such as giving “1*” and “1**” ratings to try to sort out what is really important. Even this is subject to prioritisation drift – upwards.

Even more damaging with number systems is that features that will not be developed this time are left off the list, and are ultimately lost. This means that designers and developers are unaware of these future needs, and therefore cannot select solutions which will make it easier to accommodate them at a later date.

So effective prioritisation is important but how can it be done if number systems are not effective?


A more successful method is to prioritise requirements by using words that have meaning. Several schemes exist but a method popularised by the DSDM community is the acronym MoSCoW. This stands for:
M – MUST have this.
S – SHOULD have this if at all possible.
C – COULD have this if it does not effect anything else.
W – WON’T have this time but would like in the future.
The two lower case “o” are there just to make the acronym work. The importance of this method is that when prioritising the words mean something and can be used to discuss what is important.

The “Must” requirements are non-negotiable, if they are not delivered then the project is a failure, therefore it is in everybody’s interest to agree what can be delivered and will be useful. Nice to have features are classified in the other categories of “Should” and “Could.

“Must” requirements must form a coherent set. They cannot just be “cherry picked” from all the others. If they are then what happens is that by default all the other requirements automatically become “Must”, and the entire exercise is wasted.

Requirements marked as “Won’t” are potentially as important as the “Must” category. It is not immediately obvious why this is so, but it is one of the characteristics that makes MoSCoW such a powerful technique. Classifying something as “Won’t” acknowledges that it is important, but can be left for a future release. In fact a great deal of time might be spent in trying to produce a good “Won’t” list. This has three important effects:

  • Users do not have to fight to get something onto a requirements list.
  • In thinking about what will be required later, affects what is asked for now.
  • The designers seeing the future trend can produce solutions that can accommodate these requirements in a future release.
Prioritising the Project Objectives

When a set of requirements has been prioritised then it can be compared against the other planning aspects of project: scope, quality, timescale and resources, and a risk statement produced.

There is a general wish among managers to be able to decide when a project will be delivered, how much it will cost and what it will do. They then think they have removed all the degrees of freedom, and as they have made an assertion, reality will follow their thinking.

Reality will not, as they have left out two significant factors. The first is quality; it may be delivered on time but the quality is appalling. It does what the requirements say, but the system is not robust enough to be used by anybody, as one mistake will make it crash. The other factor is risk, which may be so sky high, that project failure has guaranteed before it starts.

One suggestion is to prioritise the four main factors of scope, quality, timescale and resources, and thus prioritise the key project objectives. Which of them “Must” be delivered, which has the maximum flexibility and is defined as “Could”, with the other two factors between these as “Should”. This means that at least one factor can be allowed to slip, and provide flexibility for setting a proper risk plan to ensure the essential factor is met. This is not losing control, it is acknowledging that building a piece of software is a trip into the unknown, and precautions need to be taken.

Implications of Prioritising the Project

Selecting the right prioritisation order of is not easy. Any choice that is made has tradeoffs.

If nearly all the requirements are prioritised as “Must”, then there is not much flexibility in the scope of a project. By definition the scope is the “Must” factor in the project and a decision has to be taken either about which of the others will have flexibility, or which of the requirements will be down graded from a “Must”.

However many studies have shown that it is better if a project is delivered on time, even if it has few features, than if a project is delivered late, but with a full set of features. This can be likened to saying when is the best time to deliver Christmas crackers to shops, before or after Christmas? Therefore timescale competes to be the most important factor.

If quality is sacrificed then faults will occur in the software. One way around this is to train the users in the use of a new system, so that they only use it in proper fashion, and know how to get around any bugs that are discovered. However if it is an Internet system intended to be used by customers, then this cannot be done, and a reputation damage to the organisation may result, due to a faulty system.

Finally all systems must be produced to a budget, and a business does not have unlimited resources to put into a project. Moreover the business case normally assumes a rate of return, which will be considerably reduced if the resources are increased significantly on a project. Therefore resources have a strong case for being the most important factor.

Regardless you cannot “have it all and have it now”, and a balanced and planned prioritisation of the factors must take place if a project is to have a chance of delivering business value. If it is not then the fifth factor of risk goes sky high, and ceases to be risk and become inevitable.


Advantages and Disadvantages of Rapid Application Development (RAD)

Advantages of RAD Software Development
  • The time required to develop the software is drastically reduced due to a reduced requirement analysis business requirements documentation and software requirement specification) and planning stage.
  • All the software prototypes produced can be kept in a repository for future use. The re-usability of the components also enhances the speediness of the process of software development.
  • It is much easier for a project manager to be accurate in estimating project costs which of course means that project cost controls are easier to implement and manage as well.
  • It is a big cost saver in terms of project budget as well as project time and cost due to re-usability of the prototypes.
  • If a component is being picked for the repository, it is already tested and hence need not be tested again. This helps in saving time required for testing.
  • The project management requirements are collected in a dynamic manner. Every time there is a prototype ready, requirements are studied and matched. If there are any additional requirements, these are then included in the next prototype built.
  • There is a strong and continuous participation of the project sponsor who keeps giving feedback in the whole process. Hence the end user satisfaction level is higher when the end result is produced.
  • It promotes better documentation through written test cases.
Disadvantages of RAD Software Development
  • This method may not be useful for large, unique or highly complex projects
  • This method cannot be a success if the team is not sufficiently motivated and nor is unable to work cohesively together.
  • Success depends on the extremely high technical skills of the developers.
  • There are times when the team ignores necessary quality parameters such as consistency, reliability and standardization. Hence this can make project quality management hard to implement during the project management life cycle


Types of prototyping

View Information System Prototyping

Throwaway prototyping
 Also called close-ended prototyping. Throwaway or Rapid Prototyping refers to the creation of a model that will eventually be discarded rather than becoming part of the final delivered software. After preliminary requirements gathering is accomplished, a simple working model of the system is constructed to visually show the users what their requirements may look like when they are implemented into a finished system.

The most obvious reason for using Throwaway Prototyping is that it can be done quickly. If the users can get quick feedback on their requirements, they may be able to refine them early in the development of the software. Making changes early in the development lifecycle is extremely cost effective since there is nothing at that point to redo. If a project is changed after a considerable work has been done then small changes could require large efforts to implement since software systems have many dependencies. Speed is crucial in implementing a throwaway prototype, since with a limited budget of time and money little can be expended on a prototype that will be discarded.Another strength of Throwaway Prototyping is its ability to construct interfaces that the users can test. The user interface is what the user sees as the system, and by seeing it in front of them, it is much easier to grasp how the system will work.

One disadvantage with throw-away prototyping is that developers may be pressurised by the users to deliver it as a final system! Another issue is that all the man-hours of putting together the throw away prototypes are lost unlike the evolutionary approach. But the benefits may outweigh the disadvantages.

One method of creating a low fidelity Throwaway Prototype is Paper Prototyping. The prototype is implemented using paper and pencil, and thus mimics the function of the actual product, but does not look at all like it. Another method to easily build high fidelity Throwaway Prototypes is to use aGUI Builder and create a click dummy, a prototype that looks like the goal system, but does not provide any functionality.


  1. A preliminary project plan is developed
  2. An partial high-level paper model is created
  3. The model is source for a partial requirements specification
  4. A prototype is built with basic and critical attributes
  5. The designer builds
    –the database
    –user interface
    –algorithmic functions
    –algorithmic functions
  6. The designer demonstrates the prototype; the user evaluates for problems and suggests improve
  7. This loop continues until the user is satisfied.
Evolutionary prototyping
Evolutionary Prototyping (also known as breadboardprototyping) is quite different from Throwaway Prototyping. The main goal when using Evolutionary Prototyping is to build a very robust prototype in a structured manner and constantly refine it. “The reason for this is that the Evolutionary prototype, when built, forms the heart of the new system, and the improvements and further requirements will be built.When developing a system using Evolutionary Prototyping, the system is continually refined and rebuilt.Evolutionary Prototypes have an advantage over Throwaway Prototypes in that they are functional systems. Although they may not have all the features the users have planned, they may be used on an interim basis until the final system is delivered.In Evolutionary Prototyping, developers can focus themselves to develop parts of the system that they understand instead of working on developing a whole system.Incremental prototyping

The final product is built as separate prototypes. At the end the separate prototypes are merged in an overall design.

Extreme prototyping

Extreme Prototyping is an architectural process for developing applications, especially web applications, in terms of increasingly functional prototypes. At a high level, it breaks down web development into three distinct phases. The first phase is the static prototype, consisting of HTML pages and possibly a logical data model supporting those pages. The second phase is a coding process in your chosen web framework whereby the screens are fully functional using a simulated services layer. The third phase is where the services are implemented. The process is called Extreme Prototyping to draw attention to the second phase of the process, where a fully-functional UI is developed with very little regard to the services other than their contract. This deliverable, much like the static HTML prototype, can be considered a prototype, albeit a dynamic one.

By using Extreme Prototyping, you will be able to substantially shorten the requirement cycle and also the development cycle. Extreme Prototyping will allow you to consistently estimate and deliver your projects faster, cheaper, and better. Extreme Prototyping achieves these results primarily by breaking down the dependencies between multiple teams and thereby allowing parallel development. Extreme Prototyping continues to put extra emphasis on executable deliverables.

The Three Bricks of Extreme Prototyping

If you imagine system development as a set of concrete deliverables, you can imagine an “Extreme Prototype” to consist of three bricks, as depicted in Figure

The first

brick is the Static Prototype. Based on this prototype, the UI brick and the Service brick can be developed fairly independently and brought together toward the end of the project for an integration alignment. The service contracts (or blades) should allow for a perfect alignment in any typed language.