Risk Management Plan

The risks in the project are split into various severities and probabilities.
Some risks are categorized since there may be multiple ways to interpret the risk.
The risks also have a status field that indicates whether the risks are still ongoing or fully resolved.
The various risks in the project are split into four categories.

• Group Member Risks are risks that can occur within the team.
• Development Technologies Risks are risks that can occur with the different development technologies and frameworks used.
• Testing / Testing Technologies Risks are risks that can occur with the Testing technologies used as well as the Testing team.
• Other Risks are any other risks that may occur.

	Severity	Probability
Very Low	A minor risk that can easily be avoided or resolved quickly	Highly unlikely to occur
Low	A minor risk that may be avoided or resolved quickly	Unlikely to occur
Medium	A risk that requires the team's attention and would require a team effort to resolve	Likely to occur
High	A risk that would require a lot of time and team effort to resolve	Highly likely to occur
Very High	A very high risk that requires significant time and team effort to resolve	Almost guaranteed to occur

Top 10 Risks

The top 10 risks in terms of highest to lowest risk are found here

New Risks

The Latest Risks found during ID4

Development Technologies Risk 4: Difficulties integrating the Postman API and Smoke tests into the CI pipeline using Newman

Testing Risk 4: Difficulties running Detox tests on generated android/ios artifacts in the CI pipeline

Other Risk 4: Inability to complete project on time

All Risks

All ongoing risks associated with the project

Group Member Risks

Risk 1: Team members may withdraw from the class.

• Status: Ongoing
• Probability: Very Low
• Severity: Medium

Solutions:

• Mitigation

  • Communicate with other team members early on if someone is thinking to drop the class.
  • Frequent meetings with team members to see how everyone is feeling and what they are working on.
  • Make use of pair programming and tutorials so people are familiar with the technologies being used.
  • Have Backup positions (Backup Project Manager: Jorgen, Backup Dev Lead: Zack, Backup Testing Lead: Sahngwoo, Backup Risk Manager: Mark).
  • Project leads should consistently communicate with the backup positions what they are working on in case the backup needs to take over.

• Contingency plan

  • Assign the responsibilities of the person who dropped to another team member working in a similar field.

Risk 2: Miscommunication between team members

Categorization: There could be very serious miscommunication such as completely misunderstanding requirements which would impact the severity and probability differently compared to minor miscommunications.

Minor Miscommunication:

• Status: Ongoing
• Probability: Medium
• Severity: Low

Major Miscommunication:

• Status: Ongoing
• Probability: Medium
• Severity: High

Solutions:

• Mitigation
  • Have a clear requirements document.
  • Constantly review documents.
  • Review pull requests.
  • Discuss the tasks assigned and what we are currently working on using Github issues.
  • Have consistent communication with the team through meetings to ensure tasks are not misunderstood.
  • Encourage team members to ask questions.
  • Have a standup to communicate with team members about what you are doing.

Risk 3: Lack of commitment due to personal reasons or due to responsibilities towards other classes.

• Status: Ongoing
• Probability: Very High
• Severity: High

Solutions:

• Mitigation

  • Plan ahead and get work done early.
  • Communicate with team members on any other major commitments which may arise.
  • Implement sprint planning.

• Contingency plan

  • If a particular member is overwhelmed with other work, a teammate in a similar field will take over or help with the responsibilities.
  • Busy group members can take on smaller less time-consuming tasks

Risk 4: Poor time estimation (Members may poorly estimate the time taken to complete a task).

Categorization: There could be underestimation and overestimation of tasks.

Overestimation:

• Status: Ongoing
• Probability: Low
• Severity: Medium

Underestimation:

• Status: Ongoing
• Probability: Very High
• Severity: Medium

Solutions:

• Mitigation

  • Start tasks as early as possible.
  • Let team members know if a task is taking longer than planned.
  • Have a standup where teammates give the state of tasks and issues.
  • Have a sprint availability where we have a record of everyone's availability and the number of hours they can commit to each sprint so we can better estimate tasks
  • Have sprint planning where team members discuss and estimate the time that certain tasks should take
  • Estimate tasks by thinking of all its pieces. Should consider the skill of the person assigned to the task, availability of people in the team, any other tasks that may be blocking the task.
  • Estimate tasks in ranges instead of a fixed amount

• Contingency Plan

  • In the event a task is too difficult or takes longer than expected, have a team meeting to find a solution together.

Risk 5: Team members get sick from Covid or other illnesses

• Status: Ongoing
• Probability: Medium
• Severity: Medium

Solutions:

• Mitigation

  • Introduce pair programming so team members familiarize themselves with others' code so they can potentially take over.
  • Have Backup positions (Backup Project Manager: Jorgen, Backup Dev Lead: Zack, Backup Testing Lead: Sahngwoo, Backup Risk Manager: Mark).

• Contingency Plan

  • Use online discord/zoom meetings for discussions and team meetings.

Risk 6: Lack of Technical skills (Team members may be unfamiliar with the technologies and frameworks used).

• Status: Ongoing
• Probability: High
• Severity: High

Solutions:

• Mitigation
  • Have written tutorials done by members to teach unfamiliar members and themselves the technologies/frameworks used.
  • Do self-research on the internet and use youtube tutorials to familiarize oneself with the technologies.
  • Using spike prototypes to familiarize oneself with the technologies being used.
  • Discuss and get help from the TA on the technologies being used.

Risk 7: Team burnout (Team members may feel burned out leading to less productivity and poor work)

• Status: Ongoing
• Probability: High
• Severity: Medium

Solutions:

• Mitigation
  • Ask for help after 30 minutes to 1 hour of not understanding a task or getting stuck.
  • Peer reviews will be used to catch any poor or incorrect work
  • Team members less involved can try to take on more tasks

Risk 8: Difficulties adjusting to new roles

• Status: Ongoing
• Probability: High
• Severity: High

Solutions:

• Mitigation
  • Do pair programming to get members up to speed with their new roles.

Development Technologies Risks

Risk 1: Problems with user authentication using Keycloak

• Status: Ongoing
• Probability: low
• Severity: High

Solutions:

• Mitigation
  • Authentication is not natively supported so we must create spike prototypes to figure out how to use Keycloak for authentication.

Risk 2: Problems with maintaining software security

• Status: Ongoing
• Probability: low
• Severity: Very High

Solutions:

• Mitigation
  • Have a dedicated security officer to investigate security issues as well as maintain software security.
  • Security officer will work with developers and testers to make sure the software is secure.
  • Get help from the TA on the security concerns.

Risk 3: Errors with MIBS (potentially not sending messages correctly or has bugs).

• Status: Ongoing
• Probability: Medium
• Severity: High

Solutions:

• Mitigation
  • Throughroughly test the MIBS and MIBS API with multiple test cases through manual UI tests and test scripts
  • Have formal reviews of the MIBS codebase and the test cases.

Risk 4: Difficulties integrating the Postman API and Smoke tests into the CI pipeline using Newman

• Status: Ongoing
• Probability: Very High
• Severity: Very High

Solutions:

• Mitigation

  • Reasearch further on Newman to find a solution

• Contingency Plan

  • Get more people together to research and find a solution
  • Might have to find something else instead of Newman to run tests in the CI

Testing / Testing Technologies Risks

Risk 1: Poor testing/ Lack of adequate testing

• Status: On going
• Probability: High
• Severity: High

Solutions:

• Mitigation
  • Have a thorough testing plan on how to adequately test the software.
  • Have smoke tests, unit tests, regression tests, system tests, code coverage tests.
  • Have peer reviews on written test scripts and test documents to ensure software correctness
  • Heavily invest into testability through use of code contracts, test harnesses, assertions, docker images, etc
  • Have system flow diagram to create better test cases
  • Host a bug party to find defects and estimate the number of unfound defects

Risk 2: Selenium errors when HTML ID tags are changed (If tags are changed by the developer then tests scripts will fail).

Status: Invalid Probability: very low Severity: low Solutions:

Mitigation Keep HTML tags the same unless there is a special need to change the tags. Alert the testing team as soon as possible if a tag is changed so test scrips can be quickly updated. Work with a development buddy. Include selenium tests in the continuous integration pipeline

Risk 3: Problems with testing for software security flaws

• Status: Ongoing
• Probability: Very High
• Severity: Very High

Solutions:

• Mitigation
  • Ensure key security features such as two-factor authentication are thoroughly tested.
  • Possibly investigate some software security testing tools.
  • Talk to professor and TA about how to test for software security.
  • Security officers can help investigate and test for software security.

Risk 4: Difficulties testing the app for ios devices. The ios simulator will require access to a Mac which most group members and testers don't have.

• Status: Ongoing
• Probability: High
• Severity: Medium

Solutions:

• Mitigation
  • Possibly borrow a Macbook from the university for ios testing.

Risk 4: Difficulties running Detox tests on generated android/ios artifacts in the CI pipeline

• Status: Ongoing
• Probability: Very High
• Severity: Very Medium

Solutions:

• Mitigation
  • Testers should discuss and pair program with the build masters to make sure Detox tests will run on the CI

Other Risks

Risk 1: Stakeholder wants to change requirements/team misunderstands stakeholders requirements

• Status: Ongoing
• Probability: Medium
• Severity: Medium

Solutions:

• Mitigation
  • Have multiple members during stakeholder meetings to ask questions and make sure nothing is misunderstood.
  • Have a clear requirements document stating the features and what we are building.
  • Have frequent communication with the stakeholder to confirm their requirements are being met by the software we are building.
  • Have requirement reviews between members.
  • Have a demonstration environment to show the stakeholder what we build
  • Show mockups and prototypes to the stakeholder for feedback.
  • Record the stakeholder meetings so all group members can view the meetings.

Risk 2: Difficulties building and running the application on different systems

• Status: Ongoing
• Probability: Medium
• Severity: Medium

Solutions:

• Mitigation
  • The correct steps on how to build and run the application will be documented by developers
  • The steps will be tested to ensure that the written procedure is correct and that there are no issues

Risk 3: Lack of developers and development time

• Status: Ongoing
• Probability: Very High
• Severity: Very High

Solutions:

• Mitigation
  • Software security research and implementation will be done after the code freeze to make development a priority
  • Shift around roles so that Bathiya would do part-time developing for one week and testing for the next week. Mark will become a full-time developer and Emeka will do part-time development. We do this so that Lukas can transfer to full-time testing.

Risk 4: Inability to complete the project on time

• Status: Ongoing
• Probability: High
• Severity: Very High

Solutions:

• Mitigation
• Contingency Plan
  • Triage team will work together and with the stakeholder if we have to cut out parts of the software.

Resolved Risks

Risks that were resolved in this ID or previous ID's

No Risks were resolved in this ID

Invalid Risks

Risks that are no longer valid to the project

Testing Risk 2: Selenium errors when HTML ID tags are changed (If tags are changed by the developer then tests scripts will fail).

• Status: Invalid
• Probability: very low
• Severity: low

Solutions:

• Mitigation
  • Keep HTML tags the same unless there is a special need to change the tags.
  • Alert the testing team as soon as possible if a tag is changed so test scrips can be quickly updated.
  • Work with a development buddy.
  • Include selenium tests in the continuous integration pipeline.