Concept: Risk Management
This is a fundamental practice that project managers should consider in their projects. Identifying and minimizing risks early in the project lifecycle is key factor for project success.
Relationships
Main Description

Introduction

Every project contains a part of uncertainty. The role of Risk Management is to deal with this uncertainty to try to understand its potential influence on the project. Project risks may be seen as threats or opportunities. The former means the risk should be mitigated (see risk management strategies below) where the latter means that taking a calculated risk may bring, for example, competitive advantage for a product or organization [SEI99].

Identify risks as soon as the project starts and continue identifying and managing risks throughout the project. A common mistake is to identify risks only at the beginning of the project and then only track the status of these initial risks. The risk list should be revisited weekly, or as a minimum once per iteration, to add any newly discovered risk.

Risks Prioritization

A good approach for prioritizing risks is to have an attribute called risk magnitude, a combination of the risk probability and the risk impact. Each iteration provides a chance for better understanding of stakeholder needs, the team capabilities, the technology at hand, and so on. As risks arise, capture, quantify and prioritize them. High level of magnitude risks are attacked first, thus improving the chances of project success and minimizing uncertainty. See Template: Risk List for more information.

Risk Management Strategies

Once you have chosen a set of risks to focus on, choose a mitigation strategy, as described below. Then, identify and assign tasks to apply the strategy to the given risk. Follow up regularly on risk-mitigation actions. Try another strategy if your chosen strategy does not reduce the magnitude of a risk.

Common mitigation strategies are:

  • Risk avoidance: reorganize the project so that it cannot be affected by that risk.
    • For example: you need to use a new framework. A risk avoidance strategy could be to drop this new framework and using another one that is well-known by the team.
  • Risk transfer: reorganize the project so that someone or something else bears the risk.
    • For example: the application you are developing need to communicate with a legacy system. Rather that taking the risk. A risk transfer strategy could be to make the legacy support team responsible of providing the APIs to access the legacy system.
  • Risk mitigation: define a mitigation plan to reduce the probability or the impact of the risk.
    • For example: you need to use a new middleware. A risk mitigation strategy could be to build a prototype using this new middleware to validate that it will provide the features you need for your application.
  • Risk acceptance: decide to live with the risk, and define a contingency plan.
    • For example: your integrator is the only one who knows how to integrate the different components of your application. A contingency plan could be to identify a resource on another project that you could bring on if your integrator is sick, leave the company, etc.
More Information