Importance of Risk Assessment

Tanim-ul Haque Khan
6 min readApr 19, 2022

Just like any of my other articles, this would be more of a story than another technical content. So be warned. If you are looking for a serious discussion this wouldn’t be that. In any case, let me share a story about why Risk Assessment is important.

Story Time

One fine day, I was bored and asked my team members to hang out with me in some restaurant. We filled our bellies and thought of having some coffee. One of them said yeah there’s a good coffee shop nearby on “XYZ” Road. We had two options. One walk our way there. I believe it was something around 1–1.5 KM. Another way we could get a Rickshaw there. I said let's walk since we haven’t really walked in a while due to all these lockdowns and Home Office situations. They all agreed. Since I didn’t know the path I let our Business Analyst take the lead and guide me. He was very happy to lead us to our goal. Not to mention confidence.

As we started our journey on foot, He said “There’s probably a shortcut here that will cut our time short by half”. We all were like okay sure. I personally didn’t really care as I really wanted to walk. And kept following him. So basically, there was a water canal between us and the coffee shop. Bear with me I’ll share map screenshots soon. So, he was assuming that there would be a bridge to cross from this side to that side.

Once we reached the assumed spot, we found no bridge. Our Business Analyst was confident that if we walked a little, we would find some crossing mechanism. Nobody really cared as we had barely walked. We kept walking forward for a few more minutes but no bridges. By now we had walked around 500 Meters. At that point, we had kind of committed quite a little. But in hopes of finding our bridge we kept walking.

After walking around 1KM+ few of us were getting tired and wanted to get into a Rickshaw but we were in such a deep place where none was to be found. We had to keep following the edge of the canal to find the main road where we could find some vehicles. We walked around 2KM and finally saw the main road. And I suddenly realized We are now further away from the destination than when we had initially started 😆. Honestly, I didn’t care much since I was really bored and wanted to walk. But I couldn’t say the same for others. One of them was like, “Heck I’m going home”. Well called in some Rickshaw and rode to our Destination which is now further away 😆 and had our coffee.

Let's take a look at the map

The picture above marks the start and endpoints of our expected journey.

The picture above shows our assumed path with our imaginary bridge.

Now this shows the actual path we had taken.

In short, We planned to take a shortcut. Short cuts are great. But usually, it is uncharted territory and it comes with risks. For example, in this case, the uncertainty of having a bridge was a big risk. What we could have done?

· Open Google Map and see if there’s a bridge.

· Ask someone local to be sure if there’s actually a way.

If we had taken 5 mins of our time to validate our assumption, we could have saved ourselves a lot of time. And time is money. In the end, we had to

· Walk more than necessary

· Waste time

· Pay more as the distance was more

If we had gone through the Known Route, then it would have been more cost-effective.

So, you may ask what if there was a bridge? Yes, that is exactly why we need to Manage our Risks. Risks are great but it needs to be calculated. Taking blind risks wouldn’t help you in any way but rather hurt you.

How does this help us in Software Engineering?

Glad that you have asked. Software Engineering is very similar to a journey. We always have a “Starting point” and we always have a “Destination point”. And we all want to reach our destination as fast as possible. So we look for short-cuts or quick solutions. And there are thousands if not millions of shortcuts in this field. And we have to take them. But before taking any shortcut we should always assess the risks that a shortcut may bring. And that is called “Risk Assessment”.

Let's say you need to develop a website for a single product. So what do you do? There are a lot of tech stacks to work with. Where to start? Each tech stack has its own pros and cons. Depending on your requirements you should choose the one that overlaps the most. You won’t ever get a perfect fit so stop trying. Maybe you chose .Net or Laravel or J2EE or maybe WordPress.

If you chose WordPress you might find yourself in a pinch when you are trying to scale. But for a static site or a single product website, WordPress would be more than enough for you. It will get you started faster than anything. And time is money. Deploying your website a day early could change your business.

Short-cuts can give you an edge over your competition but it is after all a double-edged sword. It can very easily build up “Technical Debt”. Any form of debt is bad. Unless you have a plan to write off your debt easily it will be a major risk for you. Here’s a quick video about it.

Sounds like a waste of time

It’s a common mistake that the sooner you start coding sooner you will finish. Our story portrays exactly what happens when we make wrong assumptions without properly assessing the risk. You could potentially set back your project 3x times longer. With Risk Assessment, you can take calculated risks.

Let's create a scenario

If you develop this e-commerce with WordPress you would need to switch to a different technology later down the line when you have “X amount” of customers. But It is 10x cheaper and 8x faster to develop on WordPress Now.

What do you do now?

Now if you know you will have more than the threshold amount of customers it’d be wise to just go for the more robust technology. But if you are just starting your business then it’d be wise to go for WordPress as it gets you started as soon as possible at a very low cost.

Here’s a good tool for visualization of the risks. You should map your concerns with the help of the following table.

Risk Analysis Table

With this now you can take a calculated risk. You can prioritize the issues that need the most focus. Resources are scarce. There is always a trade-off to what you can focus on and what you can not with your currently available resources.

More Examples?

Cross-Platform Vs Native would be a great example of risk analysis. Come think of that I actually have written some articles about that as well. You can find them from these links below.



Tanim-ul Haque Khan

Author — “How to Make A Game” / Apress, Springer Nature | Head Of Unity Department at Brain Station 23 Limited | Co-Founder of Capawcino Cat Cafe