Risk management deals with issues of uncertainty. It aims to reduce uncertainty by envisioning possible scenarios and making forecasts (estimates of future outcomes based on data or past performance) on the basis of what is considered probable within a range of possibilities.
To properly adapt the risk management process to software development, it is necessary to understand the meaning and the relationship between:
- Uncertainty
- Probability
- Created risk
- Risk handling strategies, and the role of estimating in increasing the probability of success
It is also necessary to make clear the state of the art of the risk management process as regards its terms, definitions, steps, and methods.
The risk management process has been defined many times, and many different versions have been given over recent decades.
The framework in the international standard ISO 31000 systematizes knowledge from the literature of various fields and creates a common ground for dealing with risk without misunderstanding or ambiguity.
Risk management starts with modeling the uncertainties (reducible and irreducible) with a range of tools: Monte Carlo simulation, reference class forecasting, the method of moments, the Design Structure Matrix and the resulting Risk Structure Matrix.
Each of these approaches and others starts with recognizing the separation between aleatory uncertainty and epistemic uncertainty and the estimating processes for each.
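The following Monte Carlo simulation is an added example, not taken from the text or from ISO 31000, showing how the two kinds of uncertainty named above are modeled separately for a software schedule estimate. The task list and its three-point (low, most likely, high) estimates are constructed sample data; modeling the team's unknown productivity as a single per-scenario factor is an assumption made for illustration, not a prescribed method. Aleatory uncertainty (inherent task-to-task variation) is drawn fresh for every task in every run, while epistemic uncertainty (the unknown productivity factor) is drawn once per run and can be narrowed by reducing `epistemic_sd`, which is what gathering more data would do. The method-of-moments function gives the closed-form mean and standard deviation of the aleatory-only case, so the simulation can be checked against it.

```python
import random
import statistics

# Constructed sample release plan: task -> (low, most likely, high) effort in days.
TASKS = {
    "design": (3.0, 5.0, 9.0),
    "implement": (8.0, 12.0, 20.0),
    "security-review": (2.0, 3.0, 6.0),
    "test": (4.0, 6.0, 10.0),
}


def triangular_moments(lo, mode, hi):
    """Mean and variance of a triangular distribution (method of moments)."""
    mean = (lo + mode + hi) / 3.0
    var = (lo**2 + mode**2 + hi**2 - lo * mode - lo * hi - mode * hi) / 18.0
    return mean, var


def method_of_moments(tasks):
    """Closed-form mean and standard deviation of total effort when tasks
    are independent: means add and variances add."""
    mean = sum(triangular_moments(*t)[0] for t in tasks.values())
    var = sum(triangular_moments(*t)[1] for t in tasks.values())
    return mean, var ** 0.5


def simulate_schedule(tasks, n=20000, epistemic_sd=0.15, seed=1):
    """Monte Carlo sample of total effort.

    epistemic_sd models reducible uncertainty about the team's productivity
    (assumption: a normal multiplier around 1.0, drawn once per scenario).
    Per-task triangular draws model irreducible, aleatory variation.
    """
    rng = random.Random(seed)
    totals = []
    for _ in range(n):
        # Epistemic: one productivity factor per scenario; 0.5 floor avoids
        # nonsensical negative or near-zero effort in the tails.
        factor = max(0.5, rng.gauss(1.0, epistemic_sd))
        total = 0.0
        for lo, mode, hi in tasks.values():
            # Aleatory: a fresh draw for every task in every scenario.
            total += rng.triangular(lo, hi, mode)
        totals.append(total * factor)
    return totals


def probability_within(totals, target):
    """Estimated probability that total effort does not exceed target."""
    return sum(1 for t in totals if t <= target) / len(totals)


def percentile(totals, p):
    """Empirical p-quantile (0 <= p <= 1) of the simulated totals."""
    s = sorted(totals)
    idx = min(len(s) - 1, int(round(p * (len(s) - 1))))
    return s[idx]


def summarize(totals):
    """Mean, standard deviation and the P50/P85 values planners usually quote."""
    return {
        "mean": statistics.mean(totals),
        "sd": statistics.pstdev(totals),
        "p50": percentile(totals, 0.50),
        "p85": percentile(totals, 0.85),
    }


if __name__ == "__main__":
    mean, sd = method_of_moments(TASKS)
    print(f"method of moments (aleatory only): mean={mean:.2f} sd={sd:.2f}")
    for eps in (0.0, 0.15):
        s = summarize(simulate_schedule(TASKS, epistemic_sd=eps))
        p = probability_within(simulate_schedule(TASKS, epistemic_sd=eps), 35.0)
        print(f"epistemic_sd={eps:.2f}: mean={s['mean']:.2f} sd={s['sd']:.2f} "
              f"P85={s['p85']:.2f} P(<=35 days)={p:.2f}")
```

Running it shows the aleatory-only simulation agreeing with the method-of-moments figures, and that adding epistemic uncertainty widens the distribution and lowers the probability of meeting a fixed target date even though the expected value barely moves; that gap is the part of the risk that better estimating data can actually reduce.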