One of the more popular methods to perform a risk analysis in the computer field is called Facilitated Risk Analysis Process (FRAP).
FRAP analyzes one system, application or segment of business processes at time.
FRAP believe that additional efforts to develop precisely quantified risks are not cost effective because:
After identifying and categorizing risks, The Team identifies the controls that could metigate the risk. The decision for what controls are needed lies with the business Manager. The team's conclusions as to what risks exists and what controls needed are documented along with a related action plan for control implimentation.
Three of the most important risks a software company faces are unexpected changes in revenue and costs from those budgeted and amount of specialization of the software planned. Risks that affect revenues can be unanticipated competition, privacy, intellectual property right problems, and unit sales that are less than forecast; unexpected development costs also create risk that can be in the form of more rework than anticipated, security holes, and privacy invasions.
Narrow specialization of software with a large amount of research and development expenditures can lead both business and technological risks since specialization does not lead to lower unit costs of software. Combined with the decrease in the potential customer base, specialization risk can be significant for a software firm. After probabilities of scenarios have been calculated with risk analysis, the process of risk management can be applied to help manage the risk.
Methods like Applied Information Economics add to and improve on risk analysis methods by introducing procedures to adjust subjective probabilities, compute the value of additional information and to use the results in part of a larger portfolio management problem.