Risk Distribution
This metric tracks the risk exposure for a project distributed across project elements such as use cases or components.
Main Description

Purpose

Risk is a concern that has some probability of negatively impacting release commitments (such as schedule and cost) or the quality of the solution. Addressing risks associated with project elements such as use cases or components according to their likelihood of occurrence and potential impact is essential for project health.

Monitoring risk distribution provides several benefits:

  • Drives iteration plans. Use Cases and components that have associated risk with the highest probability of occurring and highest potential impact should be implemented first.
  • Provides an easily understood summary of risk exposure for each element that could impact project success. New and escalating risks are visible.
  • Reduces the likelihood of focusing on the wrong issues early in the lifecycle that can result in large surprises at the end of the project. Encourages ongoing and active mitigation efforts and increased communication.
  • Useful for explaining the team's confidence in their estimates based on remaining uncertainty. Helps describe the predictability of the project based on remaining risk.
  • Helps the team understand the effectiveness of their risk mitigation activities

Definition

To calculate Risk Distribution:

  1. Analyze risk and assign the following values to each project element (e.g. use case, component)
  • Likelihood of occurrence - defined as a percentage. Use a standard scale such as 20% (low likelihood of occurrence), 40%, 60%, 80% (high likelihood of occurrence)
  • Estimated Cost of Impact - defined in hours or days

2. Calculate a risk exposure score for each project element

Risk Score = Likelihood of occurrence * Estimated Cost of Impact

Analysis

Generate a Risk Distribution report prior to iteration planning. Identify project elements with the highest risk scores and determine what activities are required (for example: get clarification from stakeholders in order to detail those use cases and address any uncertainties). If Risk Distribution is based on components, identify those with the highest risk scores in order to prioritize architectural analysis efforts to make sure those solution components can work as needed to meet stakeholders needs.

Frequency and reporting

The Risk Distribution report is reviewed in each iteration planning session. The team should adjust risk levels at the end of each iteration during a retrospective meeting. Risk Scores are adjusted as needed, and risks that have been addressed are closed so that the team can update the Risk Distribution chart. Stakeholders are routinely apprised of current risks and collaborate with the team for impact assessment and mitigation.

Collection and reporting tools

Risks can be captured in IBM® Rational® Team Concert®, IBM® Rational® Project Conductor®, or in a simple spreadsheet. Generate the Risk Distribution chart using custom reporting capabilities of Rational tools or using charting capabilities in a basic spreadsheet tool.

Assumptions and prerequisites

  • Risks are captured, and the team collaborates with stakeholders to determine likelihood and impact.

Pitfalls, advice, and countermeasures

  • If risk is not managed consistently throughout the lifecycle, the team will likely begin to act in a reactive, crisis mode as risks emerge. A consistent, repeatable risk mitigation process enables better project predictability and higher levels of trust by project stakeholders.
  • The need to identify and monitor risk increases with the complexity of the system.
  • The effort to reduce uncertainty has an associated cost. The team must balance the cost of this effort against the potential impact of not addressing the risk. Not all candidate risks are actively managed. Mitigation effort and degree of monitoring depend on the likelihood of impact and the risk tolerance for the project.
  • The Reduction of Risk Estimation Variance metric can be used with Risk Distribution to monitor trends in reducing risk throughout the lifecycle.
More Information