You should apply source-code analysis to identify risks and problems: Both statical (lines-of-code, coupling, cyclomatic complexitx etc) and dynamical analysis (i.e. test coverage, performance-/thread analysis) can help identify risks or problems.