Risk Management Plan

The various risks in the project are split into four categories.

• Group Member Risks are risks that can occur within the team.
• Development Technologies Risks are risks that can occur with the different development technologies and frameworks used.
• Testing / Testing Technologies Risks are risks that can occur with the Testing technologies used as well as the Testing team.
• Other Risks are any other risks that may occur.

	Severity	Probability
Very Low	A minor risk that can easily be avoided or resolved quickly	Highly unlikely to occur
Low	A minor risk that may be avoided or resolved quickly	Unlikely to occur
Medium	A risk that requires the team's attention and would require a team effort to resolve	Likely to occur
High	A risk that would require a lot of time and team effort to resolve	Highly likely to occur
Very High	A very high risk that requires significant time and team effort to resolve	Almost guaranteed to occur

Top 10 Risks

The top 10 risks in terms of highest to lowest risk are found here

Group Member Risks

Risk 1: Team members may withdraw from the class.

• Probability: Very Low
• Severity: Medium

Solutions:

• Mitigation

  • Communicate with other team members early on if someone is thinking to drop the class.
  • Frequent meetings with team members to see how everyone is feeling and what they are working on.
  • Make use of pair programming and tutorials so people are familiar with the technologies being used.
  • Have Backup positions (Backup Project Manager: Jorgen, Backup Dev Lead: Zack, Backup Testing Lead: Sahngwoo, Backup Risk Manager: Mark).
  • Project leads should consistently communicate with the backup positions what they are working on in case the backup needs to take over.

• Contingency plan

  • Assign the responsibilities of the person who dropped to another team member working in a similar field.

Risk 2: Miscommunication between team members

• Probability: Medium
• Severity: Medium

Solutions:

• Mitigation
  • Have a clear requirements document.
  • Constantly review documents.
  • Review pull requests.
  • Discuss the tasks assigned and what we are currently working on using Github issues.
  • Have consistent communication with the team through meetings to ensure tasks are not misunderstood.
  • Encourage team members to ask questions.
  • Have a standup to communicate with team members about what you are doing.

Risk 3: Lack of commitment due to personal reasons or due to responsibilities towards other classes.

• Probability: Very High
• Severity: Medium

Solutions:

• Mitigation

  • Plan ahead and get work done early.
  • Communicate with team members on any other major commitments which may arise.
  • implement sprint planning.

• Contingency plan

  • If a particular member is overwhelmed with other work, a teammate in a similar field will take over or help with the responsibilities.
  • Busy group members can take on smaller less time-consuming tasks

Risk 4: Poor time estimation (Members may poorly estimate the time taken to complete a task).

• Probability: Very High
• Severity: High

Solutions:

• Mitigation

  • Start tasks as early as possible.
  • Let team members know if a task is taking longer than planned.
  • Have a standup where teammates give the state of tasks and issues.

• Contingency Plan

  • In the event a task is too difficult or taking longer than expected, have a team meeting to find a solution together.

Risk 5: Team members get sick from Covid or other illnesses

• Probability: High
• Severity: Medium

Solutions:

• Mitigation

  • Introduce pair programming so team members familiarize themselves with others' code so they can potentially take over.
  • Have Backup positions (Backup Project Manager: Jorgen, Backup Dev Lead: Zack, Backup Testing Lead: Sahngwoo, Backup Risk Manager: Mark).

• Contingency Plan

  • Use online discord/zoom meetings for discussions and team meetings.

Risk 6: Lack of Technical skills (Team members may be unfamiliar with the technologies and frameworks used).

• Probability: Very High
• Severity: High

Solutions:

• Mitigation
  • Have online tutorials help by more experienced members to teach unfamiliar members the technologies/frameworks used.
  • Do self-research on the internet and use youtube tutorials to familiarize oneself with the technologies.
  • Using spike prototypes to familiarize oneself with the technologies being used.
  • Discuss and get help from the TA on the technologies being used.

Development Technologies Risks

Risk 1: Problems with user authentication using Keycloak

• Probability: Medium
• Severity: High

Solutions:

• Mitigation
  • Authentication is not natively supported so we must create spike prototypes to figure out how to use Keycloak for authentication.

Risk 2: Problems with maintaining software security

• Probability: Very High
• Severity: Very High

Solutions:

• Mitigation
  • Have a dedicated security officer to investigate security issues as well as maintain software security.
  • Security officer will work with developers and testers to make sure the software is secure.
  • Get help from the TA on the security concerns.

Risk 3: Errors with MIBS (potentially not sending messages correctly or has bugs).

• Probability: Medium
• Severity: High

Solutions:

• Mitigation
  • Throughroughly test the MIB system with multiple test cases through manual UI tests and test scripts
  • Have formal reviews of the MIBS codebase and the test cases.

Testing / Testing Technologies Risks

Risk 1: Poor testing/ Lack of adequate testing

• Probability: High
• Severity: High

Solutions:

• Mitigation
  • Have a thorough testing plan on how to adequately test the software.
  • Have smoke tests, unit tests, regression tests, system tests, code coverage tests.
  • Have peer reviews on written test scripts and test documents to ensure software correctness
  • Heavily invest into testability through use of code contracts

Risk 2: Selenium errors when HTML ID tags are changed (If tags are changed by the developer then tests scripts will fail).

• Probability: very low
• Severity: low

Solutions:

• Mitigation
  • Keep HTML tags the same unless there is a special need to change the tags.
  • Alert the testing team as soon as possible if a tag is changed so test scrips can be quickly updated.
  • Work with a development buddy.
  • Include selenium tests in the continuous integration pipeline.

Risk 3: Problems with testing for software security flaws

• Probability: Very High
• Severity: Very High

Solutions:

• Mitigation
  • Ensure key security features such as two-factor authentication are thoroughly tested.
  • Possibly investigate some software security testing tools.
  • Talk to professor and TA about how to test for software security.
  • Security officers can help investigate and test for software security.

Risk 4: Difficulties testing the app for ios devices. The ios simulator will require access to a Mac which most group members and testers don't have.

• Probability: High
• Severity: Medium

Solutions:

• Mitigation
  • Possible borrow a Macbook from the university for ios testing.
  • Possibly use a Virtual Machine to run Mac Os for testing through ios simulator

Other Risks

Risk 1: Stakeholder wants to change requirements/team misunderstands stakeholders requirements

• Probability: Medium
• Severity: Medium

Solutions:

• Mitigation
  • Have multiple members during stakeholder meetings to ask questions and make sure nothing is misunderstood.
  • Have a clear requirements document stating the features and what we are building.
  • Have frequent communication with the stakeholder to confirm their requirements are being met by the software we are building.
  • Have requirement reviews between members.
  • Have a demonstration environment to show the stakeholder what we build
  • Show mockups and prototypes to the stakeholder for feedback.
  • Record the stakeholder meetings so all group members can view the meetings.

Risk 2: Difficulties building and running the application on different systems

• Probability: low
• Severity: High

Solutions:

• Mitigation
  • The correct steps on how to build and run the application will be documented by developers
  • The steps will be tested to ensure that the written procedure is correct and that there are no issues