Introduction to Risk Management
Every project contains some measure of uncertainty. Risk Management deals with this uncertainty,
trying to understand its potential influence on the project. The purpose of Risk Management is to increase the
probability and impact of positive events and decrease the probability and impact of events adverse to the project [PMI04]. The project manager, team, and stakeholders should be involved in risk
management.
Identify Risks
Identify risks as soon as the project starts and document them in the Risk List. Continue
identifying and managing risks throughout the project. A common mistake is to identify risks only at the beginning of
the project and then only track the status of these initial risks. The Risk List should be
revisited weekly, or as a minimum when performing task Plan Iteration, to add any
newly discovered risks.
Prioritize Risks
Prioritize risks for further analysis or action. A good approach for prioritizing risks is to have an attribute called
risk magnitude, a combination of the risk probability and the risk impact. Each iteration provides a chance for
better understanding of stakeholder needs, the team capabilities, the technology at hand, and so on. Capture, qualify
and prioritize risks as they arise. High magnitude risks are attacked first, thus improving the chances of
project success and minimizing uncertainty. See Template: Risk List for more information.
Select Risk Response Strategies
You are trying to mitigate or tackle the high priority risks as early as possible in the project. In order to achieve
this you need to get a good grip on the risks the project is faced with, and have clear strategies on how to mitigate
or deal with them. Once you have chosen a set of risks to focus on, develop options and determine actions to
enhance opportunities and reduce threats, selecting a strategy, as described in Concept: Risk. Sometimes
strategies can be determined for each cause, rather than each risk, eliminating many risks at once.
Plan Risk Response
For each selected strategy, identify and assign tasks to apply the strategy to the given risk. Place those tasks on the
Work Items List so they can be assigned to iterations. Keep a reference to
the risk for traceability. The effort must be appropriate to the magniture of the risk. Avoid spending more preventing
a threat than the impact from the risk if it occurs.
Monitor Risks
|