Skip to content
ISTQB Foundation Level 4.0 Course Notes

Project and Product Risks

Project Risks

Project risks are related to the successful completion of the project. Aspects include budget constraints, resource availability, schedule slippage, and communication issues.

Effective project risk management involves identifying, assessing, and mitigating risks to ensure the project stays on track and meets its objectives.

For example, to ensure budget constraints don’t put a project at risk., constantly track spending so you can identify budget overflow issues early and react sooner. Budget issues occurring late in the project are much more difficult to solve and stakeholders won’t be happy that this has not been tracked and mitigated earlier.

Issues that Occur

A: Organizational issues

Related to the management and coordination of project activities. Delays in delivery, inaccurate project estimates and timelines, and attempts to cut costs or effort (e.g. test coverage) which can compromise the project’s quality.

B: People issues

Eliminate oracles, single points of failure, share knowledge, up-skill the team

Other issues include conflicts among team members, communication breakdowns, shortage of qualified staff. Events such as a daily morning check-in/standup gives everyone a voice and helps to keep everyone on the same page. Scrum masters are very important because they’re like a coach for the team to ensure they all perform optimally. It’s not a line-manager’s job to manage a staff member in a project. But the scrum master is the best person as they’re project-focused.

Technical issues

Challenges that arise due to the project’s components and processes such as scope creep, poor tooling, poor code quality and lack of best practices. Mitigate scope creep by ensuring the body of work remains the same, but compromises may need to be made in terms of all the previously listed deliverables will still be included.

Supplier issues

Risk associated with external parties/vendors that fail to deliver the components and services as expected. Tip, is to talk to finance/legal that can perform various checks to analyze the risk of working with a certain vendor and put in certain protections so you’ve got a plan b if they don’t deliver.

Product Risks

Product risks pertain to the software being developed, such as functional defects, performance issues, security vulnerabilities, and usability concerns.

Product risks involve thorough testing, code reviews, and continuous monitoring to deliver high-quality software.

It’s incredibly important to invest in the right tools, have people with right skills, expertise, and experience, as well as establishing robust test environments to mitigate product risks, e.g., realistic performance testing with production-like data and load.

Damage to third parties

Defective products can cause problems for partners, vendors, and clients who rely on the product. It can harm the reputation of the company and result in lost revenue and market share. It may be that it doesn’t matter, but your stakeholders will be able to inform you.

High maintenance costs and help desk overload

Poor quality products are the result of not shifting left. Mitigating is about shifting left to find issues early. It’s just about reviewing documentation and code. A common symptom of not shifting left is not having production-quality environments for realistic performance testing.

Criminal penalties

Products that don’t meet regulatory standards, leak data can include criminal penalties.

Extreme consequences

In circumstances where defects can result in physical harm or loss of life.

What's the difference between project and product risks?

Project risks are risks that put the successful delivery of the project at risk (e.g. budget and resource availability), whereas product risks are specific to the product that could result in lost revenue (e.g. poor usability), organization impact (e.g. help desk overload), and potential fines and prosecution if industry standards aren’t met or laws or broken.