Getting Started
To get started with adopting this practice, identify if your organization already has a defined risk management process
that your project could follow, and decide on whether to follow the organization process (as is) or to adapt the
process to your project needs. You may want to use - or refine to your project needs - risk management related areas
such as:
-
Approach to identify, analyze and prioritize risks
-
List of potential sources of risk and typical risk categories, as well as impacted stakeholders
-
List of risk management strategies
that will be used in your project
-
Strategy
to monitor each significant risk and its mitigation activities
-
Groups or individuals involved in the project's risk management activities for your project, and their
responsibilities
-
Budget available in your project for managing project risks
-
Tools and techniques that will be used in your project to store risk information, evaluate risks, track the status
of risks or generate risk management reports
You can accelerate the risk identification process for your project if you start with a list of known and expected
types of risks for projects in your organization.
Create a list of prioritized risks (ranked by risk exposure) and come up with strategies to address the "top 10" or so
risks only. It may not be worth, from a financial perspective, to come up with strategies for all the identified risks
(for some risks, the best strategy may even be acceptance).
Everyone in the team is responsible for risk management, in other words, the team and stakeholders collaborate
to identify, asses, and propose strategies to deal with risks. Not everyone will necessarily be responsible
for implementing strategies to address one or more risks or become a "risk owner", although it is
expected that at some point in the project lifecycle a team member could be requested - or volunteer -
to take ownership of risks actions.
Evaluate and assess risks periodically. Recognize that changes will happen throughout the project and that risks need
to be identified and assessed on a regular basis, minimally at each iteration of phase of your project.
Common Pitfalls
Not involving relevant stakeholders in risk identification
The whole team and stakeholders need to participate in the risk identification activity. If you involve only one group
in risk identification, for example only the project team, you may end up not capturing risks that are
relevant to other groups, such as business and marketing risks, etc. If you identify risks with external stakeholders
and do not include the team in risk identification, you may miss important risks related to technology and scope, to
name a few types.
Identifying risks only at the beginning of the project
A common pitfall that leads to poor risk management is to think that risks need to be identified only at the beginning
of the project without the need to revisit the risk list often. New risks do appear throughout the project, and
previously identified risks may never happen (those with low likelihood of happening), so it is essential to revisit
risks throughout the project at intervals when the team and stakeholders meet to identify new risks and assess if
identified risk actions are being effective.
|