Risk assessment is actually a continuous process, rather than one which occurs only at specific intervals during the
project. At minimum, you should assess risks at the end of an iteration or phase. Refocus on the goals of the
iteration or phase with respect to the risk list. Specifically:
-
Eliminate risks that have been fully mitigated.
-
Introduce new risks recently discovered.
-
Reassess the magnitude and reorder the risk list (see step: Analyze and prioritize risks).
If possible, revisit your list weekly to see what has changed. Make the top ten items visible to the whole project and
insist on action being taken on them. Often you should attach the current risk list to your status assessment reports.
Note: Do not be too concerned if you discover that the risk list grows during the initial phases or
iterations of the project. As project members do the work, they realize that something they thought was trivial
actually contains risks. As you begin doing integration, you may find some hidden difficulty. However the risks should
steadily decrease as the project reaches the middle- to final-phases of the project. If not, you may not be handling
risks appropriately or your system is too complex, or impossible to build in a systematic and predictable
fashion.
|