Uncertain events can occur at any time during the software lifecycle. An organization's readiness to deal with these events determines its ability to mitigate the potential losses. Risk management is an essential component of the lifecycle process and is given due diligence in the typical multi-tiered environment of the technology giants. In contrast, small IT firms, especially those in the SME and MSME sectors, often follow a reactive approach to risk management. Consequently, the probable losses incurred can be huge and can sometimes even threaten the firm's existence in the market. To address this issue, we present this paper, based on an empirical study targeting only MSME/SME IT firms in the Bengaluru region. The study was primarily conducted with two objectives: (1) to identify the risk attributes and (2) to determine the effectiveness of FMEA techniques and weigh these attributes through the FMEA process. A total of 43 failure modes were identified and ranked by a panel of 12 QA experts based on their past project experience. The top ten failure modes identified by the process will be considered for future analysis and for determining mitigation steps as part of the risk management process, particularly for start-ups.