Purpose
Risk is a concern that has some probability of negatively impacting release commitments (such as schedule and cost) or
the quality of the solution. Addressing risks associated with project elements such as use cases or components
according to their likelihood of occurrence and potential impact is essential for project health.
Monitoring risk distribution provides several benefits:
Definition
To calculate Risk Distribution:
-
Analyze risk and assign the following values to each project element (e.g. use case, component)
-
Likelihood of occurrence - defined as a percentage. Use a standard scale such as 20% (low likelihood of
occurrence), 40%, 60%, 80% (high likelihood of occurrence)
-
Estimated Cost of Impact - defined in hours or days
2. Calculate a risk exposure score for each project element
Risk Score = Likelihood of occurrence * Estimated Cost of Impact
Analysis
Generate a Risk Distribution report prior to iteration planning. Identify project elements with the highest
risk scores and determine what activities are required (for example: get clarification from stakeholders in order
to detail those use cases and address any uncertainties). If Risk Distribution is based on components, identify those
with the highest risk scores in order to prioritize architectural analysis efforts to make sure those solution
components can work as needed to meet stakeholders needs.
Frequency and reporting
The Risk Distribution report is reviewed in each iteration planning session. The team should adjust risk levels at the
end of each iteration during a retrospective meeting. Risk Scores are adjusted as needed, and risks that have been
addressed are closed so that the team can update the Risk Distribution chart. Stakeholders are routinely apprised of
current risks and collaborate with the team for impact assessment and mitigation.
Collection and reporting tools
Risks can be captured in IBM® Rational® Team Concert®, IBM® Rational® Project Conductor®, or in a simple
spreadsheet. Generate the Risk Distribution chart using custom reporting capabilities of Rational tools or using
charting capabilities in a basic spreadsheet tool.
Assumptions and prerequisites
-
Risks are captured, and the team collaborates with stakeholders to determine likelihood and impact.
Pitfalls, advice, and countermeasures
-
If risk is not managed consistently throughout the lifecycle, the team will likely begin to act in a reactive,
crisis mode as risks emerge. A consistent, repeatable risk mitigation process enables better project predictability
and higher levels of trust by project stakeholders.
-
The need to identify and monitor risk increases with the complexity of the system.
-
The effort to reduce uncertainty has an associated cost. The team must balance the cost of this effort against the
potential impact of not addressing the risk. Not all candidate risks are actively managed. Mitigation effort and
degree of monitoring depend on the likelihood of impact and the risk tolerance for the project.
-
The Reduction of Risk Estimation Variance metric can be used with Risk Distribution
to monitor trends in reducing risk throughout the lifecycle.
|